brave-browser: Cloudflare endless looping due to fingerprinting
Description
Visiting http://chaingames.io/ caused an endless loop for the user
Steps to Reproduce
- Open http://chaingames.io/
- Expect Cloudflare to redirect
- (according to user, didn’t redirect)
Actual result:
Expected result:
Allow Cloudflare to work correctly (redirect correctly, and not loop)
Reproduces how often:
I wasn’t able to reproduce, was reported via the forums.
Brave version (brave://version info)
Version 1.22.70 Chromium: 89.0.4389.105 (Official Build) (x86_64)
Version/Channel Information:
- Can you reproduce this issue with the current release?
- Can you reproduce this issue with the beta channel?
- Can you reproduce this issue with the nightly channel?
Other Additional Information:
- Does the issue resolve itself when disabling Brave Shields? Yes, (Fingerprinting)
- Does the issue resolve itself when disabling Brave Rewards?
- Is the issue reproducible on the latest version of Chrome?
Miscellaneous Information:
Reported here: https://community.brave.com/t/brave-browser-stuck-on-cloudflare-loop/224513/
I wasn’t able to reproduce this, but logged ticket for followup/confirmation
About this issue
- State: closed
- Created 3 years ago
- Reactions: 1
- Comments: 26 (13 by maintainers)
Just to follow up here, I have an ongoing discussion with Cloudflare folks to sort this out. I hope to have more news to share shortly, but we’re working on it aggressively.
My apologies for the slow reply, @pes10k.
I’m connecting from the UK. I’d be happy to share the URLs I’m seeing the issue on, but it actually seems the issue has resolved. I recall that cloudflare.com itself was inaccessible, but I’ve just successfully accessed the website. In addition, a few minutes ago, https://sportsbikeshop.co.uk actually showed the DDoS protection screen for a second before redirecting successfully.
Good news from a practicality standpoint, but perhaps not for issue reproduction! I shall get in touch, though, if I see it again.
Thanks for your assistance with this.
Verified passed on
Verified STR from description. Confirmed I was redirected as expected.
Verification passed on
Verification PASSED on
Win 10 x64
using the following build:
Just to update everyone on the issue, we were able to sort out the issue with Cloudflare (it’s a collision between Brave’s fingerprinting defenses and changes in upstream), and it’s fixed in https://github.com/brave/brave-core/pull/8562. It should hit nightly in the next 24 hours.
There are also hot fixes being prepared for Beta and Stable too (see above), which should also land in the next 24 hours.
Thanks very much again for everyone’s help in reporting this and making sure it got sorted!
Can confirm this. Happens across all Cloudflare DDoS protected sites, including Gitlab’s signin page.
Allowing all fingerprinting (or of course shields down) allows the CF check to pass.
Cheers, Bryan
@pes10k
standard. Only if I put “Allow all fingerprints” the page is able to pass cloudflare’s challenge.
I’ve reached out to CF to see if we can work things out with them. @ryanbr, could you follow up in the community thread and let them know that we’re trying to work things out with Cloudflare?