From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 20 02:45:15 2021 Received: (at submit) by debbugs.gnu.org; 20 Mar 2021 06:45:15 +0000 Received: from localhost ([127.0.0.1]:51393 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNVMJ-0006ry-Cg for submit@debbugs.gnu.org; Sat, 20 Mar 2021 02:45:15 -0400 Received: from lists.gnu.org ([209.51.188.17]:60748) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNVMF-0006rp-J0 for submit@debbugs.gnu.org; Sat, 20 Mar 2021 02:45:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37660) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lNVMF-0007Qi-7P for bug-gnuzilla@gnu.org; Sat, 20 Mar 2021 02:45:11 -0400 Received: from mail-lf1-x130.google.com ([2a00:1450:4864:20::130]:47070) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lNVMB-0004Gz-8u for bug-gnuzilla@gnu.org; Sat, 20 Mar 2021 02:45:10 -0400 Received: by mail-lf1-x130.google.com with SMTP id w37so13392845lfu.13 for ; Fri, 19 Mar 2021 23:45:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=WKnRl2drIOX1fEO11ylo3wDNUVKR6Z2wq5+kGRD7hKk=; b=stkdGR6FtEDqQeJmNS8hTEg05YbFx2B3nvxSeESIBqahNwgJozKueSw9dnTAKrPYwk XQ+DGi34dFck8QAp33qxmTb/ZNAYORa9zm4k4Wxy00J8djNFifWAko6DUPRUCpCSfRLS vtdysHF+kURWns/ldvr70jPz0ZWUrqR4k29ZfMPIDcJwUAxKI4n16AEmVtt7IvxJkLuk Salnh+ubnVXRsObh+xnbf3oooRbGntvoL/DkGN/619s6bwQUwNtHXkPlwTLd+WgMAiBL /OXqzgT+K+FhUNf6ocd1q5Siltsylao4iA2vfGpqdmUh4vO7puvCAPwzyd5+GTgi5v2e HbFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=WKnRl2drIOX1fEO11ylo3wDNUVKR6Z2wq5+kGRD7hKk=; b=l6RKh+Se1SGk1uDWbRB/EQ7QdGzftC4mUJLGhakbo7PqfssczfJ6+4uiU+GYhzzpNK bdqGXcit6P/gNt+AfFaoowOe25axbeiOihOHQG9pnmucTMTJ4yPfG7F0eyOn22vxI787 RLhkSYY7xzQIG60q2eOydQCEq1PSgo0032jE3v5rCF+LgRkxZF6OoOZXhwlpsTO+uo1l L6L51y8GYj5rvw4GDkBlxlREwPOV43cToOw2nuvPDSedM/RTnSwba64LK8BCin7TzPQ/ uRbg2fJKMmh664ZaSE6vctw+vvYx/C/Vm70XCIL5i2PaDJhm37HIlCRc498QYKXYGK3T 4Dow== X-Gm-Message-State: AOAM5321bIwGo+ousENm5yQWmeZgdbdepSBzMPQ85blvcfAjUe84n6DL 9gyU7wROyLhL02aiTeGyk3iXjge7/b/KvSyie2ywcQ+wPBc= X-Google-Smtp-Source: ABdhPJxeT5vzFL8H+eMg3t4NzwMIikgaOr50Fsa6jvK9bO91R7WlDOIJaOCsNdTLPUCaNtsW8rdei5Vvc5gEIGjRIhU= X-Received: by 2002:a05:6512:1093:: with SMTP id j19mr882069lfg.653.1616222703546; Fri, 19 Mar 2021 23:45:03 -0700 (PDT) MIME-Version: 1.0 From: =?UTF-8?Q?Jo=C3=A3o_Pedro_Simas?= Date: Sat, 20 Mar 2021 06:44:52 +0000 Message-ID: Subject: Stuck at Cloudflare 'browser checks' To: bug-gnuzilla@gnu.org Content-Type: multipart/alternative; boundary="0000000000001f748605bdf22c49" Received-SPF: pass client-ip=2a00:1450:4864:20::130; envelope-from=jpsimas@gmail.com; helo=mail-lf1-x130.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --0000000000001f748605bdf22c49 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable In various websites that use cloudflare's 'browser checks', IceCat 78.8.0 running on GNU Guix get's stuck in a loop, in which the page gets reloading indefinetely. The particular website I found this issue is gitlab.com, in particular it's sign in page ( https://gitlab.com/users/sign_in). I've also found an open issue about it on GNU Guix's bug mailing list ( https://issues.guix.gnu.org/45179) that mentions that at some point this issue potentialy could be fixed by changing the user agent, but it is not the case anymore. Sincerely Jo=C3=A3o --0000000000001f748605bdf22c49 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
In various websites that use cloudflare's 'br= owser checks', IceCat 78.8.0 running on GNU Guix get's stuck in a l= oop, in which the page gets reloading indefinetely.
The part= icular website I found this issue is gitlab.c= om, in particular it's sign in page ( https://gitlab.com/users/sign_in).
--0000000000001f748605bdf22c49-- From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 20 14:09:45 2021 Received: (at submit) by debbugs.gnu.org; 20 Mar 2021 18:09:45 +0000 Received: from localhost ([127.0.0.1]:53112 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNg2j-0006Q7-9H for submit@debbugs.gnu.org; Sat, 20 Mar 2021 14:09:45 -0400 Received: from lists.gnu.org ([209.51.188.17]:36572) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNg2f-0006Px-HV for submit@debbugs.gnu.org; Sat, 20 Mar 2021 14:09:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41096) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lNg2f-0003eI-5I for bug-gnuzilla@gnu.org; Sat, 20 Mar 2021 14:09:41 -0400 Received: from fossa.birch.relay.mailchannels.net ([23.83.209.62]:15607) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lNg2c-0008Nm-LC for bug-gnuzilla@gnu.org; Sat, 20 Mar 2021 14:09:40 -0400 X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 5DCFC1E2810 for ; Sat, 20 Mar 2021 18:09:35 +0000 (UTC) Received: from pdx1-sub0-mail-a71.g.dreamhost.com (100-96-13-54.trex.outbound.svc.cluster.local [100.96.13.54]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id F24EC1E2947 for ; Sat, 20 Mar 2021 18:09:33 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from pdx1-sub0-mail-a71.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.13.54 (trex/6.1.1); Sat, 20 Mar 2021 18:09:35 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|bill-auger@peers.community X-MailChannels-Auth-Id: dreamhost X-Whistle-Hook: 3d7f77e427a5db22_1616263775199_1505806433 X-MC-Loop-Signature: 1616263775199:1298588455 X-MC-Ingress-Time: 1616263775199 Received: from pdx1-sub0-mail-a71.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a71.g.dreamhost.com (Postfix) with ESMTP id B910A83D64 for ; Sat, 20 Mar 2021 11:09:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=peers.community; h=date :from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=peers.community; bh=4 lTDWDW2mnEpPBVRPb2zOAyeHgk=; b=X0BOJl8q6ylmoMQ/kNKMnzV9qpdHDpXln nDiG5A68lFvb5N9ncLcgK+QCer0zFW0PlWqcyqGGIhbMP3jry8sHfrTDoRcdxlPV J4P8hHj0Y2i1XDxv6O3F0EC4zPNU7fJ/zUd/5vwjesFKYRDNqjYumYOPMKgZEdiL t82nwLytlA= Received: from parabola.localdomain (024-183-175-193.res.spectrum.com [24.183.175.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: bill-auger@peers.community) by pdx1-sub0-mail-a71.g.dreamhost.com (Postfix) with ESMTPSA id 5AB1883D62 for ; Sat, 20 Mar 2021 11:09:33 -0700 (PDT) Date: Sat, 20 Mar 2021 14:09:00 -0400 X-DH-BACKEND: pdx1-sub0-mail-a71 From: bill-auger To: bug-gnuzilla@gnu.org Subject: Re: bug#47276: Stuck at Cloudflare 'browser checks' Message-ID: <20210320140900.1ee7f3b9@parabola.localdomain> In-Reply-To: References: Organization: parabola X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=23.83.209.62; envelope-from=bill-auger@peers.community; helo=fossa.birch.relay.mailchannels.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) i dont have a solution for this; but it turned up on the parabola bug tracker some months ago, conflated with other similar issues, which affected icecat and parabola's iceweasel, probably since v81 - i dont believe that the problem existed when iceweasel was v78, so it is probably not the browser configuration that changed; but something gitlab.com changed recently there seems to be multiple reasons why some websites dont work - one of them is the "enhanced tracking protection", another is geo-location - relaxing those settings, did not make gitlab.com work though there are multiple tickets on the gitlab bug tracker, which seem to be the same problem - several suggest that it is related to cookie expiration; but nothing indicated a solution i discovered that i could make gitlab,com work with iceweasel, by deleting the profile under ~/.mozilla/; but that trick did not work for icecat - i still dont know why that website rejects icecat - other instances of the gitlab software work as expected - changing the user-agent does not help either From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 24 18:50:22 2021 Received: (at 47276) by debbugs.gnu.org; 24 Mar 2021 22:50:22 +0000 Received: from localhost ([127.0.0.1]:36343 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lPCKU-0001Kx-2O for submit@debbugs.gnu.org; Wed, 24 Mar 2021 18:50:22 -0400 Received: from mail-io1-f41.google.com ([209.85.166.41]:43545) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lPBID-0005x5-Ex for 47276@debbugs.gnu.org; Wed, 24 Mar 2021 17:43:57 -0400 Received: by mail-io1-f41.google.com with SMTP id z136so23105889iof.10 for <47276@debbugs.gnu.org>; Wed, 24 Mar 2021 14:43:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o1pH4ejJh9/VSa62LZslTmRlWwVN05WkpmecYtPuO6Y=; b=IzcATugdvOWYlTU/THfJXnmMXMtEAP8OC6bxLSBlbwPbsLU6IhILTpahyQKNxzV7H/ m+JspmYqAGqdSc0zgBw4QhjQkR20S4ol09AnT/gzsQOvYxQERQ9TtsjLEvVpPGQT8MjG 2TzFF/WfPgZJALtdAW5/fB5Xko25ZazYT+V0dfFGGk8bRf34WIEq4G0EBPA260u4Px/4 s4v6IPypqxkOYZ9Obc4oaCQe8+/duJqKGoH5mPgL2T3pGy5qLQ1JxVFswsl8n3Ew7IEF lz5OA6zR0VKflq8We7IsYtCHYPrHufzGBGvLjVShH/KOAbs0wQhCnYQfp2NjDAjV+ke9 gkYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o1pH4ejJh9/VSa62LZslTmRlWwVN05WkpmecYtPuO6Y=; b=LamZtP4AxDo6VLGCu8c8LnLm5fgNQR5wijpyxRn5KVYa0+/0jVKfK6VuIb1ckFRZqF 68Q1fkjLKjk1r3kxbZStZ/E8M5BAzFM6aU1+4FuwXuqTzZ8m2uHU47pw+yQPVxSnGXce vOM195EuU5voi4SsFIhXKR3FhFETBOoBalERpPh2qcxRgVGJfjf3eFXYb6RfDaDQ/jon cJtA3qZ0VfgEV6gFGzM8omCvlKK7ca8sosji8Ys3KDLSOygZBbIPc+FyR/qXqLfjp4uK s4Nwz/tAdVDG6COfGEW5JXrnTxJe8npiQB/YKqtISFs/KZOOF7v0j6lfjlOlglQ8QS2r LVAQ== X-Gm-Message-State: AOAM531hVkYmtdAldeyXP5ttvR6n8hIKch3Up072Fvz9WTjDVpq9jxNa /NQueFH4LV6TSn1Rqtvj5mzRe361w5ryYRCwaFE6/ari X-Google-Smtp-Source: ABdhPJzbOqC9WM1XImF66U4af1yt+zWTWgd/6JovMa1Nyh/0EK5HfLNM1AaDbctQbr1EtIqN1NThjLftYJvYKvCsuaI= X-Received: by 2002:a05:6638:2711:: with SMTP id m17mr4861395jav.115.1616622231360; Wed, 24 Mar 2021 14:43:51 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6e02:b49:0:0:0:0 with HTTP; Wed, 24 Mar 2021 14:43:50 -0700 (PDT) In-Reply-To: <20210320140900.1ee7f3b9@parabola.localdomain> References: <20210320140900.1ee7f3b9@parabola.localdomain> From: Mart Rootamm Date: Wed, 24 Mar 2021 23:43:50 +0200 Message-ID: Subject: Re: bug#47276: Stuck at Cloudflare 'browser checks' To: bill-auger Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47276 X-Mailman-Approved-At: Wed, 24 Mar 2021 18:50:21 -0400 Cc: 47276@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Right-click the GitLab page, click on View Page Info, go to Permissions tab, scroll to the Cookie section, uncheck the default, and make sure Allow (radio button) is checked. In some cases, there's a Tools > Page Info menu option to access the same page properties window. Allowing cookies like that has usually worked for most things that have Cloudflare or other like protection from automated. Mozilla removed cookie prompting from Firefox 44.0. This worked by prompting to set cookies before any cookie was saved, and a user could allow a domain, allow it for session, or block it, and then set the permission as permanent. This also applied for third-party domains. A developer named Savarese has continually created patches to reinclude this functionality: https://www.savarese.org/patches/firefox.html If this very important privacy-enhancing functionality were reintroduced in GNU IceCat (including in older verisons, such as 68.x for Android), I'd make this browser my daily driver everywhere. -Mart. 2021-03-20 20:09 GMT +02:00, bill-auger : > i dont have a solution for this; but it turned up on the > parabola bug tracker some months ago, conflated with other > similar issues, which affected icecat and parabola's iceweasel, > probably since v81 - i dont believe that the problem existed > when iceweasel was v78, so it is probably not the browser > configuration that changed; but something gitlab.com changed > recently > > there seems to be multiple reasons why some websites dont work - > one of them is the "enhanced tracking protection", another is > geo-location - relaxing those settings, did not make gitlab.com > work though > > there are multiple tickets on the gitlab bug tracker, which seem > to be the same problem - several suggest that it is related to > cookie expiration; but nothing indicated a solution > > i discovered that i could make gitlab,com work with iceweasel, > by deleting the profile under ~/.mozilla/; but that trick did > not work for icecat - i still dont know why that website rejects > icecat - other instances of the gitlab software work as expected > - changing the user-agent does not help either > > > > From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 24 19:30:27 2021 Received: (at 47276) by debbugs.gnu.org; 24 Mar 2021 23:30:28 +0000 Received: from localhost ([127.0.0.1]:36432 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lPCxH-0002RK-Kg for submit@debbugs.gnu.org; Wed, 24 Mar 2021 19:30:27 -0400 Received: from dwarf.ash.relay.mailchannels.net ([23.83.222.53]:63547) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lPCxF-0002R7-0u for 47276@debbugs.gnu.org; Wed, 24 Mar 2021 19:30:26 -0400 X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 1D4FF701B6B; Wed, 24 Mar 2021 23:30:21 +0000 (UTC) Received: from pdx1-sub0-mail-a47.g.dreamhost.com (100-101-162-27.trex.outbound.svc.cluster.local [100.101.162.27]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id B764D701AE4; Wed, 24 Mar 2021 23:30:18 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from pdx1-sub0-mail-a47.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.101.162.27 (trex/6.1.1); Wed, 24 Mar 2021 23:30:21 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|bill-auger@peers.community X-MailChannels-Auth-Id: dreamhost X-Army-Cooperative: 771b59e14ac417ea_1616628620809_2429016865 X-MC-Loop-Signature: 1616628620809:210335822 X-MC-Ingress-Time: 1616628620809 Received: from pdx1-sub0-mail-a47.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a47.g.dreamhost.com (Postfix) with ESMTP id 77FFB8AAE6; Wed, 24 Mar 2021 16:30:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=peers.community; h=date :from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; s= peers.community; bh=Xz87Q3TEaDLGFCYUBf5VVmb663k=; b=MIRZxZalsDi9 AKuSQPvWy8t8Gyf2s4vkn8zX2xcKTpN6+MO/CAcGVa/K37aUbI/iqm2gNkinah4n MMGL7TR8uPZ6xXo5vL5CeJHBbmT2hoSJHmQVk7Gnsa4+OpvP/falhUGOTelV1H0w 8ptWU/HKMN+pnmIww/scQhcs9JX0tDo= Received: from parabola.localdomain (024-183-175-193.res.spectrum.com [24.183.175.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: bill-auger@peers.community) by pdx1-sub0-mail-a47.g.dreamhost.com (Postfix) with ESMTPSA id CD95181760; Wed, 24 Mar 2021 16:30:17 -0700 (PDT) Date: Wed, 24 Mar 2021 19:29:44 -0400 X-DH-BACKEND: pdx1-sub0-mail-a47 From: bill-auger To: Mart Rootamm Subject: Re: bug#47276: Stuck at Cloudflare 'browser checks' Message-ID: <20210324192944.65f374fa@parabola.localdomain> In-Reply-To: References: <20210320140900.1ee7f3b9@parabola.localdomain> Organization: parabola X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47276 Cc: 47276@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Wed, 24 Mar 2021 23:43:50 +0200 Mart wrote: > Right-click the GitLab page, click on View Page Info, go to > Permissions tab, scroll to the Cookie section, uncheck the default, > and make sure Allow (radio button) is checked. thanks for the suggestion; but it does not work - if it did, i would expect that it could be made to be the "use default" behavior for all websites, via the global preferences that could be by un-checking "cookies" in the "custom" section of "Enhanced Tracking Protection", or by whitelisting the host in "Manage Permissions" under "Cookies and Site Data" even with all three of those, gitlab.com sign-in page is still broken From debbugs-submit-bounces@debbugs.gnu.org Mon May 10 20:08:13 2021 Received: (at 47276) by debbugs.gnu.org; 11 May 2021 00:08:13 +0000 Received: from localhost ([127.0.0.1]:34562 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lgFwb-0005Xu-1w for submit@debbugs.gnu.org; Mon, 10 May 2021 20:08:13 -0400 Received: from antelope.elm.relay.mailchannels.net ([23.83.212.4]:11172) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lgFwZ-0005Xk-H5 for 47276@debbugs.gnu.org; Mon, 10 May 2021 20:08:12 -0400 X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 30D53541DDB for <47276@debbugs.gnu.org>; Tue, 11 May 2021 00:08:10 +0000 (UTC) Received: from pdx1-sub0-mail-a71.g.dreamhost.com (100-96-11-138.trex.outbound.svc.cluster.local [100.96.11.138]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 9A35554193A for <47276@debbugs.gnu.org>; Tue, 11 May 2021 00:08:09 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from pdx1-sub0-mail-a71.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.11.138 (trex/6.2.1); Tue, 11 May 2021 00:08:10 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|bill-auger@peers.community X-MailChannels-Auth-Id: dreamhost X-Belong-Minister: 6a2e2cec167249e0_1620691689888_2154477079 X-MC-Loop-Signature: 1620691689888:1789510522 X-MC-Ingress-Time: 1620691689888 Received: from pdx1-sub0-mail-a71.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a71.g.dreamhost.com (Postfix) with ESMTP id 5565D82FEA for <47276@debbugs.gnu.org>; Tue, 11 May 2021 00:08:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=peers.community; h=date :from:cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=peers.community; bh=t jiCk1lT+n2P9VLCqgnypdLEpaI=; b=WOooqaCN4FIWyt13Kx7U4L4WdzDUeaT1v FPxRofh023puHyP1ab2UT58Uq8Ab9UySfGZguOOA8l5T0KykevX7STluTMsyh2Wx QuHvlHAKxtQWfuCiOZAviv1mNI3a8CRBCct4Vx5udvoiOdtHlf5Is2BwARdoeqDN IlYgMEEoCQ= Received: from parabola.localdomain (024-183-175-193.res.spectrum.com [24.183.175.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: bill-auger@peers.community) by pdx1-sub0-mail-a71.g.dreamhost.com (Postfix) with ESMTPSA id 13A3882FE7 for <47276@debbugs.gnu.org>; Tue, 11 May 2021 00:08:08 +0000 (UTC) Date: Mon, 10 May 2021 20:07:07 -0400 X-DH-BACKEND: pdx1-sub0-mail-a71 From: bill-auger Subject: Re: bug#47276: Stuck at Cloudflare 'browser checks' Message-ID: <20210510200707.208699e6@parabola.localdomain> In-Reply-To: <20210324192944.65f374fa@parabola.localdomain> References: <20210320140900.1ee7f3b9@parabola.localdomain> <20210324192944.65f374fa@parabola.localdomain> Organization: parabola X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: 1.2 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: i may have found a solution for this there has been a long-standing debate in parabola, as to whether spoofing the user-agent is a good anti-fingerprinting measure - people tend to agree that it probably does more harm than good Content analysis details: (1.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [23.83.212.4 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [23.83.212.4 listed in wl.mailspike.net] 1.2 MISSING_HEADERS Missing To: header 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Debbugs-Envelope-To: 47276 Cc: 47276@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.2 (/) i may have found a solution for this there has been a long-standing debate in parabola, as to whether spoofing the user-agent is a good anti-fingerprinting measure - people tend to agree that it probably does more harm than good for example, 'IceCat' in the user-agent string, actually presents significantly more identifiable information than the generic 'Firefox' would in addition to the user-agent string, there are javascript properties, which identify the browser and host - these are supposedly deprecated now; but they are available - icecat reports: 'Windows NT 6.1', where i believe this would be 'Windows NT 10.0' on most current windows systems related to this ticket, i have removed the user-agent over-rides in parabola's iceweasel, for the reasons above - the user-agent is now the same as archlinux and most other distros (the defaults) - in doing so, the problem with login to gitlab.com was resolved - i discovered that it is the 'general.platform.override' property, which is responsible for the gitlab/cloudflare rejecting the browser - presumably, because it conflicts with the user-agent information - setting it to 'Linux x86_64' (manually) satisfied the browser check; so this appears to be the general solution at least, the 'oscpu' and 'platform' properties should be updated to match the most common windows hosts - 'appVersion' also appears to be wrong - the default value is '5.0 (X11)' (not the browser version) - however, changing those properties to agree with the user-agent string, is effectively removing the overrides (which again, are deprecated) here is a test page: icecat: codeName=Mozilla appName=Netscape appVersion=78.0 oscpu=Windows NT 6.1 platform=Win32 product=Gecko buildID=Gecko/20100101 userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 IceCat/78.0 arch (default values): appCodeName=Mozilla appName=Netscape appVersion=5.0 (X11) oscpu=Linux x86_64 platform=Linux x86_64 product=Gecko buildID=Gecko/20100101 userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 From debbugs-submit-bounces@debbugs.gnu.org Tue May 11 19:26:39 2021 Received: (at 47276) by debbugs.gnu.org; 11 May 2021 23:26:39 +0000 Received: from localhost ([127.0.0.1]:37773 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lgblv-0003NN-0t for submit@debbugs.gnu.org; Tue, 11 May 2021 19:26:39 -0400 Received: from mail-io1-f44.google.com ([209.85.166.44]:33337) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lgbls-0003N9-TC for 47276@debbugs.gnu.org; Tue, 11 May 2021 19:26:37 -0400 Received: by mail-io1-f44.google.com with SMTP id a11so19860336ioo.0 for <47276@debbugs.gnu.org>; Tue, 11 May 2021 16:26:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=ZiITPw5+Ot/oLkiFodSS9VhI3IEIga+XEhc/NqIiXXo=; b=RaeUeVMfrPYzT4IMMGBBGpCryh8R9Hy65HRxicEyVhUnRpcT0o76k9bdP8iaXoMvWR kZuHd54TdjQvK4pHnvyrDUADTuT2WMDXpLxBk5FJCajl7rQCG6YYjfJLhvAHrs/f9sFv AYWQVFzWG0TiUFuKtACpoPdT8NTAUTcDRZvYQBJvDiFJgVsD2sltuNsZCEnNJ+v2ULaH ZXHUG5SlgpJuS6fW5Tyk8A6GGF65g0Z7stYT1DOQgGcZL+o7m1dwC9nNbXMEbOshg1An wl3pyE3wXupdoTvOxN92GTfYJQQ54LX3AxvM9O8NOChLCFEc9RUr9+aXviK1h9GvDsR6 T0Jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=ZiITPw5+Ot/oLkiFodSS9VhI3IEIga+XEhc/NqIiXXo=; b=In3ucSjIeHjAFeqr2G5kwTAaHsj3Dm3L2NP4NdnTbTDJKJMlOa7CtMbZ0dFXFmF4Gv 3xyvdUAwIlhg3Q56x/FdaNJf+63bXlTZUZ83iju4K8mnUBjeGLPbybayU1FDOS5iT5WR 4ZCdweEPGjwHYc7cMXV3dhfiWxqwIQNaEfp1dxjNAW1UVuC7V91Rpj3UhqgvEK3Vdteg 3ALjISB1LVvrIkBRReAdRpg3AA2VYGx3IoidhGz8hU6QcqOsJf+/O9KqdU82Nr7cqyuN zrA/9zywzuaBJzNQJwy8pT40En93QT4IjFMw0iUHMygf5MJ0hTyd17f91kwEnsUFV/kS 6hNA== X-Gm-Message-State: AOAM5313YH9HTLKYxJGeWPk9zBQyzEx1GldRzxfuZ+GgGT2B2ESGuO8t 50FGzgemyGVMPpeT0+8qimqPWjhtRa6JWWn/uhFr65Ai X-Google-Smtp-Source: ABdhPJzh6eiNYCrZbSepdNCtBDtGwO52CPUKn863aDmdvaesXQ0GH4aMPHL2ckAnJaudcPEvPpe7DwRexoG04l+JBFM= X-Received: by 2002:a6b:ec03:: with SMTP id c3mr24191748ioh.103.1620775591089; Tue, 11 May 2021 16:26:31 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a92:8705:0:0:0:0:0 with HTTP; Tue, 11 May 2021 16:26:30 -0700 (PDT) In-Reply-To: <20210510200707.208699e6@parabola.localdomain> References: <20210320140900.1ee7f3b9@parabola.localdomain> <20210324192944.65f374fa@parabola.localdomain> <20210510200707.208699e6@parabola.localdomain> From: Mart Rootamm Date: Wed, 12 May 2021 02:26:30 +0300 Message-ID: Subject: Re: bug#47276: Stuck at Cloudflare 'browser checks' To: 47276@debbugs.gnu.org Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47276 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) It appears, that Cloudflare might have been designed to detect a mismatch between what the string reports itself as, and what the oscpu and platform strings say. > whitelisting the host in "Manage Permissions" under > "Cookies and Site Data" This whitelisting works via View Page Info, too, where Allow under Cookies is selected. -M. 2021-05-11 3:07 GMT +03:00, bill-auger : > i may have found a solution for this > > there has been a long-standing debate in parabola, as to whether > spoofing the user-agent is a good anti-fingerprinting measure - > people tend to agree that it probably does more harm than good > > for example, 'IceCat' in the user-agent string, actually presents > significantly more identifiable information than the generic > 'Firefox' would > > in addition to the user-agent string, there are javascript > properties, which identify the browser and host - these are > supposedly deprecated now; but they are available - icecat > reports: 'Windows NT 6.1', where i believe this would be > 'Windows NT 10.0' on most current windows systems > > related to this ticket, i have removed the user-agent > over-rides in parabola's iceweasel, for the reasons above - > the user-agent is now the same as archlinux and most other > distros (the defaults) - in doing so, the problem with login > to gitlab.com was resolved - i discovered that it is the > 'general.platform.override' property, which is responsible for > the gitlab/cloudflare rejecting the browser - presumably, > because it conflicts with the user-agent information - setting > it to 'Linux x86_64' (manually) satisfied the browser check; > so this appears to be the general solution > > at least, the 'oscpu' and 'platform' properties should be updated > to match the most common windows hosts - 'appVersion' also appears > to be wrong - the default value is '5.0 (X11)' (not the browser > version) - however, changing those properties to agree with the > user-agent string, is effectively removing the overrides (which > again, are deprecated) > > here is a test page: > > > icecat: > codeName=Mozilla > appName=Netscape > appVersion=78.0 > oscpu=Windows NT 6.1 > platform=Win32 > product=Gecko > buildID=Gecko/20100101 > userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 > IceCat/78.0 > > arch (default values): > appCodeName=Mozilla > appName=Netscape > appVersion=5.0 (X11) > oscpu=Linux x86_64 > platform=Linux x86_64 > product=Gecko > buildID=Gecko/20100101 > userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 > Firefox/88.0 > > > > From debbugs-submit-bounces@debbugs.gnu.org Wed May 12 00:39:57 2021 Received: (at 47276) by debbugs.gnu.org; 12 May 2021 04:39:58 +0000 Received: from localhost ([127.0.0.1]:37947 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lggf7-0002yc-L4 for submit@debbugs.gnu.org; Wed, 12 May 2021 00:39:57 -0400 Received: from eastern.birch.relay.mailchannels.net ([23.83.209.55]:52998) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lggf5-0002yT-Jb for 47276@debbugs.gnu.org; Wed, 12 May 2021 00:39:56 -0400 X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 41B41701B2D for <47276@debbugs.gnu.org>; Wed, 12 May 2021 04:39:54 +0000 (UTC) Received: from pdx1-sub0-mail-a48.g.dreamhost.com (100-96-27-184.trex.outbound.svc.cluster.local [100.96.27.184]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id D3BE5701AE5 for <47276@debbugs.gnu.org>; Wed, 12 May 2021 04:39:51 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from pdx1-sub0-mail-a48.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.27.184 (trex/6.2.1); Wed, 12 May 2021 04:39:54 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|bill-auger@peers.community X-MailChannels-Auth-Id: dreamhost X-Trouble-Wide-Eyed: 0a368e0c16304af0_1620794394066_3797517833 X-MC-Loop-Signature: 1620794394066:2455634525 X-MC-Ingress-Time: 1620794394065 Received: from pdx1-sub0-mail-a48.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a48.g.dreamhost.com (Postfix) with ESMTP id 966D4847D4 for <47276@debbugs.gnu.org>; Tue, 11 May 2021 21:39:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=peers.community; h=date :from:cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=peers.community; bh=U W+gPWfdfMTStnllncvwvQcZJO8=; b=YjH6RDR+SFucTs3CHeA4mDZYD7sekfPab 4Qxlf7lZegRgNBHSWwvPhmow/z3+a/8XVNlF0oH++I4ZVRj3kSH4YUPzJl32iK0u aqmNwQdpfRpKqLL0PThoDm2MJ+TWdjtV3EOQFZSFGGUTKMIYulFrEW8lGDRwS8we v3T/OGMlaQ= Received: from parabola.localdomain (024-183-175-193.res.spectrum.com [24.183.175.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: bill-auger@peers.community) by pdx1-sub0-mail-a48.g.dreamhost.com (Postfix) with ESMTPSA id 469CC7F10F for <47276@debbugs.gnu.org>; Tue, 11 May 2021 21:39:50 -0700 (PDT) Date: Wed, 12 May 2021 00:38:48 -0400 X-DH-BACKEND: pdx1-sub0-mail-a48 From: bill-auger Subject: Re: bug#47276: Stuck at Cloudflare 'browser checks' Message-ID: <20210512003848.77f590ee@parabola.localdomain> In-Reply-To: <20210510200707.208699e6@parabola.localdomain> References: <20210320140900.1ee7f3b9@parabola.localdomain> <20210324192944.65f374fa@parabola.localdomain> <20210510200707.208699e6@parabola.localdomain> Organization: parabola X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: 1.2 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: this is the browser/host info from a real windows10 system running upstream firefox: codeName=Mozilla appName=Netscape appVersion=5.0 (Windows) oscpu=Windows NT 10.0; Win64; x64 platform=Win32 product [...] Content analysis details: (1.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 MISSING_HEADERS Missing To: header 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [23.83.209.55 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [23.83.209.55 listed in wl.mailspike.net] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Debbugs-Envelope-To: 47276 Cc: 47276@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.2 (/) this is the browser/host info from a real windows10 system running upstream firefox: codeName=Mozilla appName=Netscape appVersion=5.0 (Windows) oscpu=Windows NT 10.0; Win64; x64 platform=Win32 product=Gecko buildID=20181001000000 userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 here are two mutually-exclusive patches, one for each potential fix: update spoofed user-agent to match firefox on windows10: https://git.parabola.nu/~bill-auger/icecat.git/commit/?h=update-spoofed-useragent&id=9b0b4bbbbf144d6d1f319330191ed8990079b6a7 do not spoof user-agent at all (default generic "Linux "): https://git.parabola.nu/~bill-auger/icecat.git/commit/?h=do-not-spoof-useragent&id=1351954b2fba37cec9262e970a84ce0d7b62df1d