I use uMatrix for years now and SourceHut is the only Website where I have to disable uMatrix completely or else I cannot login. Did anybody else face this problem and solved it with some custom rule or so?
Edit: Problem solved, not uMatrix’ fault.
I use uMatrix for years now and SourceHut is the only Website where I have to disable uMatrix completely or else I cannot login. Did anybody else face this problem and solved it with some custom rule or so?
Edit: Problem solved, not uMatrix’ fault.
I’m on my phone at the moment, but I can check later. Just for the sake of completeness: I’m using Firefox and at first it seems like I can login, but as soon as I try to do something, e. g. write a comment, it fails and I’m logged out.
Ok. I just tried in FF and umatrix and created an issue on one of my projects and still am logged in. FF also gives me the CSP message about blocking inline scripts.
I go to https://todo.sr.ht/, log in, wait around 10s or so, hit F5, I’m logged out and uMatrix shows
cookie deleted: http://sr.ht/{persistent-cookie:sr.ht.unified-login.v1}
.Got it. I was accepted everything from *.sr.ht. If I block the cookies it logs out on refresh. I assume you want to block first party resources from them?
Hmm, but I do not block the cookies. Per default I allow everything first-party except scripts and for *.sr.ht my only rule is to allow first-party scripts, so everything first-party is allowed. And it doesn’t block the cookie but deletes it after 10 seconds or so. I never saw this behavior on any other site.
After looking around, I see it’s possible my uMatrix is not able to delete cookies due to 1st party isolation. The closest thing I could find to your issue is https://github.com/uBlockOrigin/uMatrix-issues/issues/51
subscene.com 1st-party cookie allow
reddit.com 1st-party cookie allow
This way there is no ambiguity
Hopefully someone else can reproduce it.
Oh boy, I just notice I completely wasted your time. uMatrix has nothing to do with it! I use an add-on called Cookie AutoDelete that has a feature which deletes first-party cookies after a domain change if you do not return to the cookies domain within some time (for me 15 seconds). I have had problems with this thing, but it seems like sr.ht triggers it on login and 15 seconds later the cookie is deleted. But I don’t understand why exactly the login process for sr.ht triggers this but no other pages.
np. that crossed my mind when I read one github comment that said umatrix reports deleted cookies even if it didn’t delete it. glad you figured it out.