I use uMatrix for years now and SourceHut is the only Website where I have to disable uMatrix completely or else I cannot login. Did anybody else face this problem and solved it with some custom rule or so?

Edit: Problem solved, not uMatrix’ fault.

  • ufra@lemmy.ml
    2·
    4 years ago

    Ok. I just tried in FF and umatrix and created an issue on one of my projects and still am logged in. FF also gives me the CSP message about blocking inline scripts.

    • qoheniac@lemmy.mlOP
      1·
      4 years ago

      I go to https://todo.sr.ht/, log in, wait around 10s or so, hit F5, I’m logged out and uMatrix shows cookie deleted: http://sr.ht/{persistent-cookie:sr.ht.unified-login.v1}.

      • ufra@lemmy.ml
        2·
        4 years ago

        Got it. I was accepted everything from *.sr.ht. If I block the cookies it logs out on refresh. I assume you want to block first party resources from them?

        • qoheniac@lemmy.mlOP
          1·
          4 years ago

          Hmm, but I do not block the cookies. Per default I allow everything first-party except scripts and for *.sr.ht my only rule is to allow first-party scripts, so everything first-party is allowed. And it doesn’t block the cookie but deletes it after 10 seconds or so. I never saw this behavior on any other site.

          • ufra@lemmy.ml
            2·
            4 years ago

            After looking around, I see it’s possible my uMatrix is not able to delete cookies due to 1st party isolation. The closest thing I could find to your issue is https://github.com/uBlockOrigin/uMatrix-issues/issues/51

            On the other hand, the workaround for the issue here is to simply explicitly allow the cookie for the specific sites:

            subscene.com 1st-party cookie allow

            reddit.com 1st-party cookie allow

            This way there is no ambiguity

            Hopefully someone else can reproduce it.

            • qoheniac@lemmy.mlOP
              1·
              4 years ago

              Oh boy, I just notice I completely wasted your time. uMatrix has nothing to do with it! I use an add-on called Cookie AutoDelete that has a feature which deletes first-party cookies after a domain change if you do not return to the cookies domain within some time (for me 15 seconds). I have had problems with this thing, but it seems like sr.ht triggers it on login and 15 seconds later the cookie is deleted. But I don’t understand why exactly the login process for sr.ht triggers this but no other pages.

              • ufra@lemmy.ml
                2·
                4 years ago

                np. that crossed my mind when I read one github comment that said umatrix reports deleted cookies even if it didn’t delete it. glad you figured it out.