Cloudflare

Posted January 20th, 2023, 11:14 am

rainyd wrote:I think, it's probably not a bug in Seamonkey, however since yesterday, I can't login to Nexus Mods anymore

TPR75 wrote:Unfortunately, last week it was working for me but today I can't log-in

DerVVulfman wrote: The fault is not with these. And again, I have had not an issue to gain entry until two weeks ago. The fault lay here.

It's fine to ask for a workaround in SM Support, but this thread shouldn't have been posted in Bugs,..

... i.e. if this site worked a month ago for y'all and you haven't changed SeaMonkey versions since, then y'all already know damn well that this isn't a SM bug, but a problem with that website.

Posted January 20th, 2023, 1:12 pm

Frank Lion wrote:... i.e. if this site worked a month ago for y'all and you haven't changed SeaMonkey versions since, then y'all already know damn well that this isn't a SM bug, but a problem with that website.

It's not a bug, it's a feature. Or actually lack of feature(-s) present in latest Firefox. So it should be in "SeaMonkey Features" subforum... :wink:

Posted January 20th, 2023, 5:13 pm

frg wrote:There is nothing in the error log. Not sure what they want from SeaMonkey which is missing.

Most likely, something of this sec- shit, i.e. Sec-Fetch-Site[1] et al.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site

Posted January 21st, 2023, 5:52 am

n0spam wrote:
frg wrote:There is nothing in the error log. Not sure what they want from SeaMonkey which is missing.

Most likely, something of this sec- shit, i.e. Sec-Fetch-Site[1] et al.

[1] https://developer.mozilla.org/en-US/doc ... Fetch-Site

Could be this?
https://bugzilla.mozilla.org/show_bug.cgi?id=1508292

Posted January 21st, 2023, 8:38 am

TPR75 wrote:
n0spam wrote:
frg wrote:There is nothing in the error log. Not sure what they want from SeaMonkey which is missing.

Most likely, something of this sec- shit, i.e. Sec-Fetch-Site[1] et al.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site

Could be this?
https://bugzilla.mozilla.org/show_bug.cgi?id=1508292

Yeah, most likely. Or it could be client hints (sec-ch-*). Or both. You never know to what lengths a bunch of useless di%@s trying to justify their existence could go.

Posted January 21st, 2023, 11:41 am

Nope, sending sec-fetch-* and sec-ch-* (code below) doesn't help. Tried with a Chrome 97 and a Firefox 102 user-agent - slightly different flow, but still end up in an infinite loop. Although maybe they also are using TLS fingerprinting and deny access if it doesn't match the user-agent in the request headers, idk. OTOH, even with TLS fingerprinting it should've worked with a Firefox user-agent because both Firefox and SeaMonkey use the same TLS engine (or at least should use, if I'm interpreting "backported security stuff from the latest FF" in the release notes correctly), so the cipher list should be the same.
Anyway, that was as much time as I could afford wasting on these clowns, sorry.

Code: Select all: // Call obs.unregister() when done. // Replace obs.observe_impl with your implementation if needed. var obs = (function(){ var Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils; var obs = {observe: function(subject, topic, data){return rc.observe_impl.apply(this, arguments);}}; var rc = { observe_impl: function(subject, topic, data){}, register: function(){ Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService) .addObserver(obs, "http-on-modify-request", false); }, unregister: function(){ Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService) .removeObserver(obs, "http-on-modify-request"); }, }; rc.observe_impl = (function(){ var log = console.error.bind(console); var matchers = [ { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/scripts\/alpha\/invisible\.js/, headers: { "sec-fetch-dest": "script", "sec-fetch-mode": "no-cors", "sec-fetch-site": "same-origin", } }, { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/scripts\/pica\.js/, headers: { "sec-fetch-dest": "worker", "sec-fetch-mode": "same-origin", "sec-fetch-site": "same-origin", } }, { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/cv\/result\//, headers: { "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "origin": "https://users.nexusmods.com", } }, { matcher: /users\.nexusmods\.com\/auth\/sign_in/, headers: { "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "same-origin", "sec-fetch-user": "?1", "origin": "https://users.nexusmods.com", "referer": "https://users.nexusmods.com/", } }, { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/orchestrate\/jsch\/v1\?/, headers: { "sec-fetch-dest": "script", "sec-fetch-mode": "no-cors", "sec-fetch-site": "same-origin", } }, { matcher: /\/cdn-cgi\/images\/trace\/jsch\/js\/transparent\.gif/, headers: { "sec-fetch-dest": "image", "sec-fetch-mode": "no-cors", "sec-fetch-site": "same-origin", } }, { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/flow\/ov1\//, headers: { "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "origin": "https://users.nexusmods.com", "referer": "https://users.nexusmods.com/auth/sign_in", } }, { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/img\//, headers: { "sec-fetch-dest": "image", "sec-fetch-mode": "no-cors", "sec-fetch-site": "same-origin", "referer": "https://users.nexusmods.com/auth/sign_in", } }, { matcher: /\/cdn-cgi\/challenge-platform\/h\/g\/pat\//, headers: { "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "referer": "https://users.nexusmods.com/auth/sign_in", } }, ].map(function(o){ function make_matcher(v) { if (typeof(v) === "function") { return v; } if (v instanceof RegExp) { return function(s){return v.test(s);}; } // Assume String. return function(s){return s == v;}; } o.matches = make_matcher(o.matcher); return o; }); return function (channel, topic, data) { if (topic !== "http-on-modify-request") { return; } channel.QueryInterface(Components.interfaces.nsIHttpChannel); channel.setRequestHeader("sec-ch-ua", '"Chromium";v="97", " Not;A Brand";v="99"', false); channel.setRequestHeader("sec-ch-ua-mobile", "?0", false); channel.setRequestHeader("sec-ch-ua-platform", '"Windows"', false); matchers.some(function(o){ if ( ! o.matches(channel.URI.spec, channel)) { return; } var headers = o.headers; Object.keys(headers).forEach(function(h){ headers.hasOwnProperty(h) && channel.setRequestHeader(h, headers[h], false); }); return true; }); }; })(); rc.register(); return rc; })();

Posted January 21st, 2023, 12:39 pm

n0spam wrote:OTOH, even with TLS fingerprinting it should've worked with a Firefox user-agent because both Firefox and SeaMonkey use the same TLS engine (or at least should use, if I'm interpreting "backported security stuff from the latest FF" in the release notes correctly), so the cipher list should be the same.

Maybe I'm looking in wrong places but it looks like patch for bug 1508292 was not backported:
https://www.wg9s.com/comm-253/patches/s ... e/patches/

https://foss.heptapod.net/seamonkey/moz ... ch/default

Posted January 22nd, 2023, 3:14 pm

n0spam wrote:Nope, sending sec-fetch-* and sec-ch-* (code below) doesn't help. Tried with a Chrome 97 and a Firefox 102 user-agent - slightly different flow, but still end up in an infinite loop. Although maybe they also are using TLS fingerprinting and deny access if it doesn't match the user-agent in the request headers, idk. OTOH, even with TLS fingerprinting it should've worked with a Firefox user-agent because both Firefox and Sea

You're really, really overthinking all this. Complex problems often do not need complex solutions.

As has happened before, this latest stuff with Cloudflare is just a simple UA string fix.

Posted January 23rd, 2023, 1:10 am

Frank Lion wrote:As has happened before, this latest stuff with Cloudflare is just a simple UA string fix.

I've tried overriding UA with:

Code: Select all: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0

... and

Code: Select all: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0

... and (latest Edge under Win10)

Code: Select all: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.61

For both Nexus Mods:

Code: Select all: general.useragent.override.nexusmods.com

... and Cloudflare:

Code: Select all: general.useragent.override.cloudflare.com

And as general override too.

It's not working. So, what did you do to make it work?

Posted January 23rd, 2023, 6:12 am

Still all think this is a SM bug?

TPR75 wrote:It's not working. So, what did you do to make it work?

Well, yesterday, I used a really old Firefox 60 UA to get an 'old browser' message that links to this - https://developers.cloudflare.com/funda ... er-support

If you are already using a major web browser, make sure it is using the latest version.

..which shows that you messing about with a Firefox 102 UA is never going to work. (it's 109 now)

Next, I....and here we get to the 'Give a Man a Fish' moment. ...As I've mentioned before, real world logic doesn't work with computer coding, especially with UA stuff. So this 'ive tried the latest Firefox UA and even that didn't work!!!!' is not going to cut it.

So, either you learn how computer code 'thinks' (possible after a while with theme coding) or use a scattergun approach (as I do) and try everything, irrespective of real world logic.

Good luck on your journey, which at least now you know is possible (and a lot quicker than writing many of the above posts)

Posted January 23rd, 2023, 9:07 am

Frank Lion wrote:

Still all think this is a SM bug?

TPR75 wrote:It's not working. So, what did you do to make it work?

Well, yesterday, I used a really old Firefox 60 UA to get an 'old browser' message that links to this - https://developers.cloudflare.com/funda ... er-support

If you are already using a major web browser, make sure it is using the latest version.

..which shows that you messing about with a Firefox 102 UA is never going to work. (it's 109 now)

Next, I....and here we get to the 'Give a Man a Fish' moment. ...As I've mentioned before, real world logic doesn't work with computer coding, especially with UA stuff. So this 'ive tried the latest Firefox UA and even that didn't work!!!!' is not going to cut it.

So, either you learn how computer code 'thinks' (possible after a while with theme coding) or use a scattergun approach (as I do) and try everything, irrespective of real world logic.

Good luck on your journey, which at least now you know is possible (and a lot quicker than writing many of the above posts)

I understand you like to think about yourself Top Cat...

... but I just tried your UA:

Code: Select all: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 SeaMonkey/2.53.14

... and it's not working (constant "checking").
Modified UA:

Code: Select all: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

... gives:
"Your browser is out of date!
Update your browser to view this website correctly."

I'm asking You a question like for ElTxolo: do You have account there? Did you tried to really log-in?

I can display page with empty fields for login and password too. It's here:
https://users.nexusmods.com/

But filling them and proceeding will not work - it will fail on authentication step:
https://users.nexusmods.com/auth/sign_in

Actually, "LOG IN" button has this link:

Code: Select all: https://users.nexusmods.com/auth/continue?client_id=nexus&redirect_uri=https://www.nexusmods.com/oauth/callback&response_type=code&referrer=https%3A%2F%2Fwww.nexusmods.com%2F

https://users.nexusmods.com/auth/continue?client_id=nexus&redirect_uri=https://www.nexusmods.com/oauth/callback&response_type=code&referrer=https%3A%2F%2Fwww.nexusmods.com%2F

So IF this really works for You then please write it here, step-by-step simple procedure. Maybe I'm missing something simple here...

Posted January 23rd, 2023, 9:54 am

TPR75 wrote:I understand you like to think about yourself Top Cat...

Then you understand nothing.

I'm sick and tired, first in the Firefox forums and now here, of always dropping into threads with so-called 'magic bullet' solutions, even though I've explained countless times how I approach problems and that anyone can do the same. But, they never even try to.

tl:dr? It's precisely because I don't want to be any 'Top Cat' that I'm doing it this way, so that people think for themselves.

... but I just tried your UA:
Code: Select all
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 SeaMonkey/2.53.14

.. and it's not working (constant "checking").

Yeah, because for me to post the right workaround UA here or in the screenshot is really likely.

do You have account there? Did you tried to really log-in?

Yes and yes. (see datestamp on screenshot) -

IF this really works for You then please write it here

No.

Posted January 26th, 2023, 4:13 am

rainyd wrote:I think, it's probably not a bug in Seamonkey...

...Is there any workaround to fix that issue?

Yep, use the following UA override -

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.9) Gecko/20100101 Goanna/4.3 Firefox/60.9 PaleMoon/28.6.1

NB. No big deal posting this thread in Bugs.

Posted January 26th, 2023, 7:31 am

Thank you warmly for the help, Frank.

Btw, I don't mind if this thread will be moved to more appropriate section.

Cloudflare

Who is online