Search code examples
firefoxfirefox-addonfirefox-addon-sdknavigator

Remove oscpu property from from window.navigator

If you are using FireFox, navigator has a property oscpu.

The property can be easily changed by appending general.oscpu.override value in about:config.

But, this option is present only in FireFox and does not exist in any other browser. This allows a 100% certainty to determine the type of browser.

Conventional means can not remove it. Whatever happened that ( oscpu in navigator) would return false.

All this does not work:

delete navigator.oscpu;
'oscpu' in navigator; // true

navigator.oscpu = null;
'serviceWorker' in navigator; // true
navigator.oscpu === null; // false

Object.defineProperty(navigator, "oscpu", { 
  configurable: true,
  value: undefined
});
'oscpu' in navigator; // true
navigator.oscpu === undefined; // true

Are there ways to remove this property from navigator? And indeed any other parameter. I am writing a Firefox Add-on SDK extension.

Solution

  • There are potential side effects of doing what you are wanting to accomplish. It would be helpful to know what your goals are in order to determine a good way to accomplish what you desire.

    However, for what you have specifically requested, removing navigator.oscpu in the current scope, the following works:

    //This specific code relies on navigator referring to the object which you want to
//  modify. In an Add-on SDK extension, if navigator is _actually_ the object you need
//  to modify to accomplish what you desire will depend on the scope you are in and
//  what object you have set the variable navigator to refer to.

delete navigator.__proto__.oscpu;
console.log(navigator.oscpu);      // undefined
'oscpu' in navigator               // false

    Note that you will need to do this within every context/scope in which you desire for it to have effect. In general, this means that you will need to inject a content script into every page and frame in which you wish this to be the case. It also means that you should take care to only do it in the context/scopes in which you are wanting it to be seen by whatever JavaScript you are attempting to spoof (i.e. within the scope of page scripts, not in the scope of code running with Chrome privileges.).