Browser is blocked by Akamai and Cloudflare

The SFOS browser is a lost cause. And jolla doesn’t have the resources to make it work properly.

2 Likes

Well, in fact that means that all the ports without AD are a lost cause, too, doesn’t it?

1 Like

That’s a bit drastic a statement. The browser was a ‘lost cause’ in 3.4 and jolla got it that bit farther and it was no longer a lost cause.

The cloud proxy people are really a nasty issue here because, like twitter, fb and co. they make up rules as they go along.

4 Likes

No. If SFOS worked as good as my everyday distro it would be fine. Ie i can do all of my banking stuff through the browser on my laptop. Would it be nice to have a banking app. Hell yes. But i can work around that with a proper browser.
And there are many examples of the phone not working as good as the average distro.

No matter if we like it or not we are not as big of a crowd so people take notice and solve the issues we face. There are a few browsers that are considered “standard”. And the solution would be to have one of them available natively on the phone (like normal distros). I know its not possible due to many factors -mostly resources- but with what we have now we end up chasing out tail.

I’m solutions oriented. I search for solutions. I work on bugs that appear to be related to one thing only to discover they were something else. In one case, a long standing compositor bug. That one, as with a recently discovered bug in webviews, was quickly patched by jolla.

clearly, this required a bunch of time on my part. my point being, let’s focus on finding enough information about why something happens to funnel that info to jolla employees. they react faster than the 3rd party services in question. they just need us to provide actionable infos.

None of us has provided the info as to WHY akamai/cloudflare is blocking. One testing approach I thought of was to create a webview component and start feeding it user agent strings until I found one that worked. failing that, javascript tests. In any case, I’m too busy at the moment with other bugs.

2 Likes

@flypig did in the thread here (the one which you are at now) and I added some information and links in this related thread.

As linked to, I had no success trying that with curl, but only used a few user-agent strings, which were recent at that time (October 2020). But look, we are considering exactly the same as someone preparing bots for a DDoS would, that is why my conclusion was:

As expected these measures are designed to be non-circumventable.

This makes me wonder, I know there are other mobile OS (more niche than Sailfish), what browser do they use? Presumably there are more than one? Are there any good alternative browsers on Sailfish? Is there not a single combined browser project that combines effort and runs on multiple mobile OSes? Why isn’t there a port of say firefox for sailfish (I know the built-in browser is based on the firefox engine)?

2 Likes

Just to be clear my comment weren’t to demean the bug fighting efforts of the community. Its just that we will never be able -with the current resources- to have a kick ass browser with all the bells and whistles.

IMO is better to collaborate with/be part of a big organization when it comes to apps like that.

While I understand your anger please stay on topic, in case of other issues please create a new thread.

1 Like

I’ll have a look at your thread. This is not a question of a bot, but a client. I would post every part of the http session into the web view to see what request and response look like. I know I can simulate this process to some extent with curl, but it’s not the same thing.

1 Like

I tested https://www.k-ruoka.fi today, the site also use Cloudflare, strangely only the mobile site was affected.

To use I’ve used EMBED_CONSOLE=1 sailfish-browser as described in the Sailfish OS docs down below:

In this sites case the cloudflare JavaScript doesn’t load:

CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_2” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a" line: 1}]
CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_2” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a" line: 1}]
CONSOLE message:
[JavaScript Warning: "The ‘content’ attribute of Window objects is deprecated.  Please use ‘window.top’ instead." {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "onmozfullscreenchange is deprecated." {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "onmozfullscreenerror is deprecated." {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Error: "Security Error: Content at https://www.k-ruoka.fi/kauppa/tuote/voner-jouluvarras-400g-viipaloitu-6430069071019 may not load data from https://kkc6w.cloudflarecaptcha.com/."]
CONSOLE message:
[JavaScript Warning: "The ‘content’ attribute of Window objects is deprecated.  Please use ‘window.top’ instead." {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "onmozfullscreenchange is deprecated." {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "onmozfullscreenerror is deprecated." {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_cc_nJMrJAgIdwKE” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_cc_UKSqaIhqArCU” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_cc_nJMrJAgIdwKE” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_cc_UKSqaIhqArCU” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]
CONSOLE message:
[JavaScript Warning: "Cookie “cf_chl_rc_m” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite" {file: "https://www.k-ruoka.fi/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=781eb6ec5bdcd90a line 1 > Function" line: 3}]

The JavaScript check not loading properly cloud be also why other sides don’t work.

3 Likes

nettiauto.fi has had similar issues for me, it loads the captcha but only after a really looong time. From the above logs, cross-site problems / aka client side security “too strong” for cloudflare?
curl will only help one request at the time ( and give clues on UA and http level)

Just ran a few tests against gigantti.fi myself.

  1. My usual setup: Works without problems, but my Jolla is behind an ad-blocking DNS (similar to Pi-Hole DNS).
  2. Switched to some public DNS (9.9.9.9): Access Denied. Apparentently some ad-provider included in the site and blocked by my DNS triggers the problems.
  3. Switched back to my DNS: Still no access. Hence information about access must be persistently stored.
  4. Deleted most cookies: Site is back to normal.
2 Likes

Interesting… I still have a blunt Acess denied from Cloudfare on http://bank.varomoney.com/signup

I see the problem on several ecommerce sites. The example I definitely remember and can replicate is the US overstock retailer Sierra Trading Post: www.sierra.com. As soon as I search for a product, I get the “Access Denied You don’t have permission to access http://www.sierra.com/…”

Browser still blocked by cloudflare on 4.5.0.19!

Also on 4.5.0.21 !
20chars

Probably OT, but I downloaded and installed this app because I am very interested in weather.
All I got out of that was heavily reminded why I do not use android apps, except from the mandatory banking shit. :unamused:

2 Likes

Yeah, I’m using the API which strips all the bull :slight_smile: I hadn’t actually tried the android app, but just the web app and the APIs.

1 Like

I’ve reached out to Adam Martinetti from Cloudflare (PM of challenge platform) as he was offering his help in a recent HN thread to firefox users that get endless challenge. Did get a reply (yay) and he’s optimistic as they managed to get waterfox users’ issues fixed, the only problem is I don’t think there is a way for us to get a HAR file from our browser when it fails a challenge (gets into endless loop), I did send him logs from gitlab user login, but not sure if that has all the info that a HAR would. Does anybody know how to get our browser to generate HAR file? Any Jolla devs maybe have a secret build with dev tools enabled (and a secret right-click option too I guess)?

9 Likes