HTTP header to stop Google Chrome from using Data Saver to a particular web?

[Andryan Gouw]

Hello,

I posted this question to Google Chrome Help Forum but was told to ask here instead. :)

I'm wondering if there's a server-side method (from HTTP response header) to stop Google Chrome from using Data Saver proxy for a particular web site/server.  The idea behind this question is to allow transparent proxy's injection of some HTTP headers (like MSISDN forwarding) to identify user's services profile for a particular web site/server.

Cheers,

Andryan

[PhistucK]

If you serve the website using HTTPS, you 'bypass' the proxy and your users are more secure. :)

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

[Andryan]

Hello,

That's true but that would also prohibit the HTTP header injection from happening and thus not accomplishing the objective. :)

Regards,

Andryan

[Charles White]

I am also interested in this as header injection does not work over HTTPS

[Andryan Gouw]

No way to achieve this, guys?

[Yuta Kitamura]

According to <https://developer.chrome.com/multidevice/data-compression>:

• As a site owner, how do I opt-out from content optimization?
  Data compression proxy respects the standard Cache-Control: no-transform directive. Site owners can mark individual resources with this directive and the proxy will pass them through directly to the browser.

--

[Andryan Gouw]

Ah, thank you!

I will try this to see if this option could be used to let Header Enrichment headers to work properly.

Cheers,

Andryan

[Andryan Gouw]

Unfortunately as mentioned in http://stackoverflow.com/a/27804385, the Cache-Control: no-transform directive does not cause the browser to reexecute the HTTP request and therefore it's not a solution.

[Alejandro Medero]

Andryan did you find a workaround for this without serving your website through https? we're facing the same exact issue.

[Andryan Gouw]

Hi Alejandro,

Unfortunately no.  I gave up on this. :(

I guess there must be modification in the HTTP specs to achieve this.

Cheers,

Andryan

---
You received this message because you are subscribed to a topic in the Google Groups "Chromium-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/chromium-discuss/okmqTgN-mLM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to chromium-discuss+unsubscribe@chromium.org.

[Amit Kulkarni]

Any Update ?

is there no way to bypass google chrome compression proxy ?

its causing issues in Header enrichment in MobilityServices - VAS.

To unsubscribe from this group and all its topics, send an email to chromium-discu...@chromium.org.

[PhistucK]

Yes - use HTTPS.

☆PhistucK

You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+unsubscribe@chromium.org.

[Amit Kulkarni]

Cant use https.

We r in Mobility VAS business , and most things works on header enrichment and ssl wont allow it.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

--

Thanks & Regards ,

Amit Kulkarni

[PhistucK]

Then I guess you cannot bypass it.

But perhaps detail the issue that you are experiencing and that might get fixed (probably at the proxy level and not at the browser level).

☆PhistucK

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+unsubscribe@chromium.org.

[Amit Kulkarni]

Issue is : Google Proxy Server only pass the IP in x-forwarded IP header.

but in reality there are lots of custom headers sent by Particular Telco.
like MSISDN, IMSI .

as google server is middleware between it, how  can we identify user and get those header details sent by telco to us?

Thanks & Regards ,

Amit Kulkarni

[PhistucK]

Oh, so you are meeting the same problem as with SSL, basically.

The telcos (hopefully) do not touch the requests sent to the proxy, because it is secure, so they do not manipulate the headers.

I do not think there is a solution, other than telling your users to disable the proxy.

☆PhistucK

[Matt Welsh]

Amit, I am the person to talk to about this. Please send me a direct email explaining your needs and I will be happy to discuss options.

Thanks,

Matt Welsh

Google

[angus.k...@accedo.tv]

Hi Matt,

We too have the same issue with the telco adding headers if the mobile is on their network and using a web service from our system which is IP whitelisted by the Telco.

So anyway to stop Chrome  from doing this from the server end of things ?

[webber]

Hi Matt,

We are also in trouble with this feature because it prevents  msisdn header enrichment from telecom operators.  Is there any way to stop data save mode for particular sites from server side, or is it possible for chrome to implement a similar feature as "Opera PaymentEnable v3" that makes both data save mode and header enrichment work well?

在 2017年8月1日星期二 UTC+8下午1:59:19，Matt Welsh写道：

[webber]

Hi Matt,

We are also in trouble with this feature because it prevents msisdn header enrichment by teleco operators. Is there any way to disable data save mode for particular sites from server side, or is it possbile for chrome to implement a similar feature as "Opera Payment Enable v3" that could make both data save mode and header enrichment work well?

在 2017年8月1日星期二 UTC+8下午1:59:19，Matt Welsh写道：

Amit, I am the person to talk to about this. Please send me a direct email explaining your needs and I will be happy to discuss options.

[Jovan Komnenovic]

Dear Matt, we are facing same issue for Ooredoo Oman VAS services. We see new Android 7+ Nugget Chrome UA is stripping of all enrichment in the header while other browsers eg like Firefox Q are not. Please share how to sort it out. My colleague serving Google CDN didnt get any update eg on diverting non Youtube HTTP traffic from your CDN to avoid such major change for our customers. Please advice.
Jovan Komnenovic
Section Head - PS Core, Data Services, Ooredoo Oman
 +96895103066
 

Via: 1.1 Chrome-Compression-Proxy

X-Forwarded-For: 188.66.131.xxx

Connection: keep-alive

User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G955F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36

…

REMOTE_ADDR: 66.249.93.206

https://whois.arin.net/rest/net/NET-66-249-64-0-1/pft?s=66.249.93.206

Organization
Name        Google LLC
State/Province    CA
Postal Code     94043
Phone    +1-650-253-0000 (Office)
Email    arin-c...@google.com
https://whois.arin.net/rest/poc/ABUSE5250-ARIN.html
Phone    +1-650-253-0000 (Office)
Email    networ...@google.com

[sathya ruggahavila]

Hi Matt

 we are facing the same issue. we are a vas provider for Srilankan telcos when a customer turn on data saver mode we are not getting MSISDN header. this only happened in on our servers on amazon. when we host the website in srilankan hosting provider(srilanka telecom) we are getting headers 

[PhistucK]

Sounds like your Amazon hosting is not using HTTPS. If it did, the Data Saver mode would have not been applied to it.

☆PhistucK

You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

[Torne (Richard Coles)]

PhistucK, these sites are generally relying on MITM header insertion for billing purposes: the cell network operator's transparent HTTP proxy injects account information into extra headers when communicating with partners who are allowed to do mobile billing/etc. This mechanism relies both on using unencrypted HTTP *and* on bypassing the data saver proxy (or any other kind of proxy) and many vendors still depend on this :(

They need to read https://developer.chrome.com/multidevice/data-compression-for-isps#proxy-bypass and get onto the blacklist, unfortunately.

[PhistucK]

Are there talks about solving this problem securely? This situation sounds really, really bad.

☆PhistucK

[Torne (Richard Coles)]

I have no idea if the mobile billing industry has developed any replacement or not, or what the adoption would be. Ultimately that would be something that can only really be driven by the mobile operators themselves - even the businesses that are using the billing service would not have much say in the matter.

[Torne (Richard Coles)]

Operators have been doing this kind of billing mechanism since the earliest days of the mobile web, when WAP was still a thing, so it's got a lot of inertia behind it.

[PhistucK]

Back then, HTTPS was not as encouraged or popular as it is today. Maybe it is time for browsers to push against this insecure, harmful "solution".

☆PhistucK

[Matt Welsh]

We (on Chrome) are working on a solution to this problem, no details to share just yet, but it is certainly on our radar.

[Ivan Ivanov]

Hi Matt, any update?

[Julio Pardo]

Hi Matt, any update of this problem?

[Nana Osei]

Hi Matt,

any update on this please?

Did you manage to get this done?

thanks

Nana

To unsubscribe from this group and stop receiving emails from it, send an email to chromium...@chromium.org.

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to a topic in the Google Groups "Chromium-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/chromium-discuss/okmqTgN-mLM/unsubscribe.

To unsubscribe from this group and all its topics, send an email to chromium...@chromium.org.

[Arif Nezami]

Dear Matt,

Any solution of the save-data hampering telco header push? Looks like it is there for more than 3/4 years now.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium...@chromium.org.

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to a topic in the Google Groups "Chromium-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/chromium-discuss/okmqTgN-mLM/unsubscribe.

To unsubscribe from this group and all its topics, send an email to chromium...@chromium.org.

[RAKESH CHAURASIA]

Hi Phistuck,

I am using the amazon server. Can you tell me one thing the Header enrichment will work with https (SSL) in chrome. will it bypass the msisdn if the datasaver mode is 'ON'.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium...@chromium.org.

[RAKESH CHAURASIA]

Hi 

Please any one can help me for my query.

Thanks

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

[PhistucK]

Your question is unclear to me, but in general, give people a day or two to answer before you ping.

☆PhistucK

[RAKESH CHAURASIA]

Hi Phistuck

Apologize for it. I need your help and expertise on this issue bro.

my question is :-   i am trying to get header enrichment ( msisdn ) with HTTPS in google chrome browser 

with http link when we are doing data saver mode 'OFF' in handset then we are getting the msisdn in chrome browser but with data saver mode ON i am not getting the msisdn with http link.

Have you did this before with HTTPS to get the msisdn in header enrichment?

will HTTPS connection can bypass the datasaver mode??

waiting  for your valuable feedback

thanks

[RAKESH CHAURASIA]

Hi PhistucK

Please suggest its urgent..

Please help !!

Thanks

[PhistucK]

Again, it is not fine to ping the thread so quickly. People have other stuff to do.

I have no answer.

☆PhistucK

[Andryan Gouw]

Hi Rakesh,

It has been a while since I started this thread, but using HTTPS will avoid using Google's proxy servers but there is no way for you can inject Header Enrichment to HTTPS connections.

Perhaps there should be some agreement between the telcos and Google to allow Header Enrichment for the telco's mobile Chrome users on non-HTTPS sites.  One scenario that I explored was through the use of the HTTP header "Cache-Control: no-transform", but unfortunately with the current browser behavior, this header alone doesn't trigger a refresh/retry by the browser upon receiving this particular header, so it's impossible to achieve with the current state of everything.

Cheers,

Andryan

[Torne (Richard Coles)]

This is the case explained here: https://developer.chrome.com/multidevice/data-compression-for-isps#proxy-bypass

You should contact the network operator who is doing the header insertion for you - they likely already have URLs registered for proxy bypass and will need to add your URLs to the list.