I use uMatrix for years now and SourceHut is the only Website where I have to disable uMatrix completely or else I cannot login. Did anybody else face this problem and solved it with some custom rule or so?
Edit: Problem solved, not uMatrix’ fault.
anyways, why uMatrix. I think now uBlock origin have everything and up-to date
I use both.
Edit: Ok, it seems uMatrix is unmaintained for half a year now or so. What a shame. I hope somebody forks it.
AFIAK uBlock origin in advanced mode can do the same thing as uMatrix
Nice, that looks good. Didn’t know that!
I use both and just logged in with no issue. This is on ungoogled chromium but I never had an issue with firefox in the past.
My console does show a message “refused to execute inline script because it violates CSP …”
What does uMatrix panel and the browser console show on yours?
I’m on my phone at the moment, but I can check later. Just for the sake of completeness: I’m using Firefox and at first it seems like I can login, but as soon as I try to do something, e. g. write a comment, it fails and I’m logged out.
Ok. I just tried in FF and umatrix and created an issue on one of my projects and still am logged in. FF also gives me the CSP message about blocking inline scripts.
I go to https://todo.sr.ht/, log in, wait around 10s or so, hit F5, I’m logged out and uMatrix shows
cookie deleted: http://sr.ht/{persistent-cookie:sr.ht.unified-login.v1}.Got it. I was accepted everything from *.sr.ht. If I block the cookies it logs out on refresh. I assume you want to block first party resources from them?
Hmm, but I do not block the cookies. Per default I allow everything first-party except scripts and for *.sr.ht my only rule is to allow first-party scripts, so everything first-party is allowed. And it doesn’t block the cookie but deletes it after 10 seconds or so. I never saw this behavior on any other site.
After looking around, I see it’s possible my uMatrix is not able to delete cookies due to 1st party isolation. The closest thing I could find to your issue is https://github.com/uBlockOrigin/uMatrix-issues/issues/51
On the other hand, the workaround for the issue here is to simply explicitly allow the cookie for the specific sites:
subscene.com 1st-party cookie allow
reddit.com 1st-party cookie allow
This way there is no ambiguity
Hopefully someone else can reproduce it.
Oh boy, I just notice I completely wasted your time. uMatrix has nothing to do with it! I use an add-on called Cookie AutoDelete that has a feature which deletes first-party cookies after a domain change if you do not return to the cookies domain within some time (for me 15 seconds). I have had problems with this thing, but it seems like sr.ht triggers it on login and 15 seconds later the cookie is deleted. But I don’t understand why exactly the login process for sr.ht triggers this but no other pages.
