I use uMatrix for years now and SourceHut is the only Website where I have to disable uMatrix completely or else I cannot login. Did anybody else face this problem and solved it with some custom rule or so?

Edit: Problem solved, not uMatrix’ fault.

  • ufra@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    4 years ago

    I use both and just logged in with no issue. This is on ungoogled chromium but I never had an issue with firefox in the past.

    My console does show a message “refused to execute inline script because it violates CSP …”

    What does uMatrix panel and the browser console show on yours?

    • qoheniac@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      4 years ago

      I’m on my phone at the moment, but I can check later. Just for the sake of completeness: I’m using Firefox and at first it seems like I can login, but as soon as I try to do something, e. g. write a comment, it fails and I’m logged out.

      • ufra@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        4 years ago

        Ok. I just tried in FF and umatrix and created an issue on one of my projects and still am logged in. FF also gives me the CSP message about blocking inline scripts.

        • qoheniac@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          4 years ago

          I go to https://todo.sr.ht/, log in, wait around 10s or so, hit F5, I’m logged out and uMatrix shows cookie deleted: http://sr.ht/{persistent-cookie:sr.ht.unified-login.v1}.

          • ufra@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            4 years ago

            Got it. I was accepted everything from *.sr.ht. If I block the cookies it logs out on refresh. I assume you want to block first party resources from them?

            • qoheniac@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              ·
              4 years ago

              Hmm, but I do not block the cookies. Per default I allow everything first-party except scripts and for *.sr.ht my only rule is to allow first-party scripts, so everything first-party is allowed. And it doesn’t block the cookie but deletes it after 10 seconds or so. I never saw this behavior on any other site.

              • ufra@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                4 years ago

                After looking around, I see it’s possible my uMatrix is not able to delete cookies due to 1st party isolation. The closest thing I could find to your issue is https://github.com/uBlockOrigin/uMatrix-issues/issues/51

                On the other hand, the workaround for the issue here is to simply explicitly allow the cookie for the specific sites:

                subscene.com 1st-party cookie allow

                reddit.com 1st-party cookie allow

                This way there is no ambiguity

                Hopefully someone else can reproduce it.

                • qoheniac@lemmy.mlOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 years ago

                  Oh boy, I just notice I completely wasted your time. uMatrix has nothing to do with it! I use an add-on called Cookie AutoDelete that has a feature which deletes first-party cookies after a domain change if you do not return to the cookies domain within some time (for me 15 seconds). I have had problems with this thing, but it seems like sr.ht triggers it on login and 15 seconds later the cookie is deleted. But I don’t understand why exactly the login process for sr.ht triggers this but no other pages.