Infinite loop on Cloudflare check
Summary
When clicking the "Sign in" button on https://gitlab.com, it presents a CloudFlare "checking if the site connection is secure" screen with a "Verify you are human" checkbox. This simply goes around in an infinite loop.
Browser is Vivaldi 6.1.3035.257 (Stable channel) (arm64) on macOS 13.4.1 (22F770820d). uBlock Origin and Ghostery are installed, and the system is using a Pihole for DNS.
Third-party cookies are disabled for data protection (GDPR) reasons, and cannot be enabled globally. If the fix is to enable them, there need to be instructions on how to allow third-party cookies from CloudFlare on github.com only, while keeping them disabled in all other cases.
Similarly, if individual connections need to be allowed in ad-blockers, there need to be clear instructions on which connections need to be allowed just for passing this security check.
The Pihole can be discounted, as opening a guest profile in the browser with no plugins installed and default settings allows me to proceed to the login page and log in. However, I cannot install any plugins in this situation, nor can I mix the guest tabs with non-guest tabs in the same window. This makes using gitlab.com considerably less useful.
Using a guest browser mode, or a separate profile just for GitLab is not an acceptable solution — especially since I see that gitlab.com embeds numerous trackers, and has not asked for my consent to this as required under GDPR and UK data protection legislation. For the record, I do not consent to my connection data being passed to third-party trackers.
It's possible that this has the same root cause as #342230, but it is not just affecting Tor users — it is affecting any users who have browsers configured for security. (Some of these users will have these settings mandated by employers, and may not even be able to change them if running in a managed environment.)
Steps to reproduce
- Install Vivaldi.
- In Vivaldi, go to
Settings > Privacy and Security
and configure it like this: - Install uBlock Origin from https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm. Leave the settings at the defaults.
- Install Ghostery from https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij.
- In Ghostery's settings, click Global Blocking, then Block All. Then use the search box to find CloudFlare under CDNs, and unblock it.
- Open https://gitlab.com
- Click
Sign In
- On seeing the CloudFlare verification page, tick the "I am a human" box.
Example Project
Not applicable — this happens when trying to log in to gitlab.com, so it's not even possible to create an example project
What is the current bug behaviour?
The CloudFlare check just goes around in an infinite loop. It does not offer any help on what to do in this situation; the user is unable to log in to gitlab.com.
What is the expected correct behaviour?
The CloudFlare check works properly, including with third-party cookies disabled.
Relevant logs and/or screenshots
Screen_Recording_2023-08-09_at_10.11.47
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
n/a — self-installed GitLab does not do this.
Results of GitLab application Check
n/a — self-installed GitLab does not do this.
Possible fixes
Removing the CloudFlare check would probably be the quickest fix.