access with cloudflare

[Kris_88]

BTW, this page:
https://www.cloudflare.com/privacypolacy/
generates the unresponsive script warning.
Further, if I choose the "Debug script" button, then the browser crashes.
Can anyone confirm, or is it happening only with me?

edit:
Sorry, typo, I meant:
https://www.cloudflare.com/privacypolicy/

[Moonchild]

BTW, this page:
https://www.cloudflare.com/privacypolacy/
generates the unresponsive script warning.
Further, if I choose the "Debug script" button, then the browser crashes.
Can anyone confirm, or is it happening only with me?

confirmed. new in 32.2.0
it's a Javascript JIT crash (in BailoutIonToBaseline). It's hitting a release assert in SnapshotIterator::initInstructionResults at

Code: Select all

MOZ_RELEASE_ASSERT(results->length() == recover_.numInstructions() - 1);

EDIT: Issue #2257 (UXP) -- already have a fix for that landed now. It'll solve the crash. the script hang is something else.

[BenFenner]

if you encounter this problem, report it to cloudflare and include the stated "Ray ID"

Also report it to the web site owners/developers so they can get an idea of how CloudFlare is serving them (or not) and maybe rethink using it the first place.

[Kris_88]

Issue #2257 (UXP) -- already have a fix for that landed now. It'll solve the crash. the script hang is something else.

Thank you.

[digitalaudiorock]

I have a membership at drunkenslug.com and they're login process (unfortunately) has always used Cloudflare security validation. A few weeks ago that validation started prompting me to check a checkbox, which it wasn't doing before, but it still in fact worked. Now the Cloudflare icon either sits there with the spinning animation indefinitely, or the security image with that spinning animation just vanishes.

No clue if it's related to everything else here. I emailed them and they just said there's "nothing they can do about it" which frankly pisses me the fuck off. Nobody's holding a gun to their head and forcing them to use cloudflare's open-internet-unfriendly fucking bullshit...but i digress.

Tom

[LD-531]

When accessing Cloudflare "protected" sites, stuck "Checking if the site connection is secure" has worsened in recently.

they're the judges now *sigh*

[somdcomputerguy]

When accessing Cloudflare "protected" sites, stuck "Checking if the site connection is secure" has worsened in recently.

Strangely, when I visit a site that I regularly visit I get that message (and shortly after that an 'OK' type message) not when I first goto the site, but after I logout and the page reloads..

[back2themoon]

A few weeks ago that validation started prompting me to check a checkbox, which it wasn't doing before, but it still in fact worked. Now the Cloudflare icon either sits there with the spinning animation indefinitely, or the security image with that spinning animation just vanishes.

Confirmed on the few Cloudflare-guarded websites I visit. Hopefully, the #2257 fix will solve it.

Assuming that issue is unrelated, weren't we in the same situation exactly a year ago? The issue went public on a few tech-sites and CF finally provided the fix.

viewtopic.php?f=70&t=28227
https://community.cloudflare.com/t/brow ... ken/381029

Also, not sure how and where to report directly to Cloudflare with the Ray ID as a user. Reporting to website owners didn't help in my case. Cloudflare is so much bigger than them, and they seem wary of contacting them.

[Moonchild]

Hopefully, the #2257 fix will solve it.

it won't. #2257 is only to fix the crash upon opening devtools from the debug on the script hang on CF's policy page.

As stated before a few times already now: we can't do anything about an arbitrary captcha check on cloudflare's side that does not allow Pale Moon to continue to the protected sites.

[back2themoon]

Ok, so we'll probably need to post again in the Cloudflare community.

[bSun0000]

I HATE this ClownFlare service so much! It was suppose to be a protection against Denial of Service attacks but it became a DoS by itself! With all this stupid problems.. infinite redirects, cpu-melting challenges and straight errors in their scripts. Every time something new.
I'm getting this error on all cloudflare "protected" websites right now:

Code: Select all

12:41:25.212 [[[ERROR]]]: "Message: TypeError: l[l0(...)] is not a function - URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d26c58adaa2a21d - Line: 1 - Column: 124516 - Error object: {}" Object { i: "6KfsvNBcwrk=", h: "yes", tH: "", t: -1685950884986 }   v1:1:3010
12:41:25.214 TypeError: l[l0(...)] is not a function[Learn More]  v1:1:124516

Messing with different useragents and javascript options does nothing. It fails every time preventing me from entering the site. Palemoon 32.3.0 git-master.

[Sajadi]

Opened on the Cloudflare community a thread, who wants, can contribute:
https://community.cloudflare.com/t/clou ... ork/518036

[digitalaudiorock]

Opened on the Cloudflare community a thread, who wants, can contribute:
https://community.cloudflare.com/t/clou ... ork/518036

I don't get why you worded that in a way that implies that this is a palemoon issue, especially with the "Which feature must Pale Moon implement to make the browser check working again?" question. That certainly doesn't jive with what Moonchild stated above. Cloudflare's shit is broken and they need to fix it.

Even if that were the case, there's no way any security check like that that's widely used all over the web should require the browser to have the lastest/greatest/bleeding-edge javaScript functionality. That seems like the polar opposite of how Cloudflare should be approached with this.

Tom

[Sajadi]

I don't get why you worded that in a way that implies that this is a palemoon issue

You do know Cloudflare is one of the pages which also make constantly use of the latest ECMAScript shinies and drafts - like so many other pages today - that is actually the sad truth - Especially with the big players - to which also Microsoft or Google belong - so it is good to know what they changed.

Would it be a general page error then the system would also not work on Chromium or Chromium light (Firefox) based browsers - fact is, Cloudflare and it's services are developed with Chromium in mind.

Even if that were the case, there's no way any security check like that that's widely used all over the web should require the browser to have the lastest/greatest/bleeding-edge javaScript functionality

Sure, in a sane world one would agree with that, but in the sad state the web is today, this golden rule is ignored. And in most cases a fall-back variant with more browser agnostic code is not even considered as only the latest Chromium or Firefox or Safari browser matters for web developers or framework developers today

[digitalaudiorock]

I don't get why you worded that in a way that implies that this is a palemoon issue

You do know Cloudflare is one of the pages which also make constantly use of the latest ECMAScript shinies and drafts - like so many other pages today - that is actually the sad truth - Especially with the big players - to which also Microsoft or Google belong - so it is good to know what they changed.

Wow. I'm well aware that they do that, but that doesn't mean they should, and it sure doesn't mean that Palemoon should need enhancements to prevent those assholes from shutting it out from a large chunk of the web. Sorry, but I still maintain that the way you worded that is horrible.

Tom

[Sajadi]

Sorry, but I still maintain that the way you worded that is horrible.

It is all about information - so best is direct to the point. As said, as the checks work on Chromium and latest Firefox based browsers it is something which does not work smoothly with Pale Moon. And only the Cloudflare guys know at that point what it is.

If they are willing to share the necessary information is yet to be seen. Feel free to enhance the post if you want with your contribution. The more posts, the longer the topic is not going to be closed and is most likely recognized by someone of relevance.

[digitalaudiorock]

Sorry, but I still maintain that the way you worded that is horrible.

It is all about information - so best is direct to the point. As said, as the checks work on Chromium and latest Firefox based browsers it is something which does not work smoothly with Pale Moon. And only the Cloudflare guys know at that point what it is.

If they are willing to share the necessary information is yet to be seen. Feel free to enhance the post if you want with your contribution. The more posts, the longer the topic is not going to be closed and is most likely recognized by someone of relevance.

Giving detailed information as to javaScript errors etc is all well and good. Implying that it's a shortcoming of Palemoon sure isn't. I'm done. I'll let others chime in on this silliness.

Tom

[Sajadi]

Giving detailed information as to javaScript errors etc is all well and good. Implying that it's a shortcoming of Palemoon sure isn't

Nobody blames Pale Moon for missing specifications. Who is using no mainstream browser is aware that there are certain shortcomings - created by Google and it's lapdog lobbyist Mozilla - and it is still a fact that Cloudflare is optimized to work only best in Chromium based browsers and is integrating for this reason constantly the latest standards/drafts inside their project - just because they can - so i see no problem with my post. Actually do you think they take Pale Moon and make a test drive if it works also properly there? I seriously do not think so. They code, it works on Chromium and that is case closed for them. The code differences between Pale Moon and Chromium are like day and night - same like Firefox compared to Chromium - so it is basically best to keep the worst scenery case in mind - and let the service owners to which you raise the issue towards sort it out.

You think you can do better, then by all means, go over, register and post a reply or open another thread. How do they say... Twice raised, twice watched.

[Moonchild]

Nobody blames Pale Moon for missing specifications.

Except for you making it a question what Pale Moon should change to pass their check. That implies it's our fault not having what's "missing".

Either way, CF already indicated it was never their "intention" to cause trouble for Pale Moon or other UXP browsers when this happened in the past. If anyone's going to post there, that point should be raised. It's most likely that whomever though the new check scripting was a good idea, didn't think of testing on Pale Moon. Call it an oversight by them, not "missing specifications" or what not.

[thefossil]

Having some trouble, too, with one site. But it coincided with me firing up AVG VPN, so I thought it was related to that, not the browser itself, as I was able to access the site a few days before without the VPN installed.
The Cloudflare box flashes briefly on PM, then spinning wheel. On FF, it takes a moment to make the check box, and when checked, one can access the site. Perhaps it's the VPN/UblockOrigin combo? I caught a screen grab after a few tries to see the spinning wheel in the "not a robot" box.
Console:
GET
https://www.powerlineblog.com/ [HTTP/2.0 403 Forbidden 33ms]
GET
https://www.powerlineblog.com/cdn-cgi/s ... lenges.css [HTTP/2.0 304 Not Modified 26ms]
GET
https://www.powerlineblog.com/cdn-cgi/i ... parent.gif [HTTP/2.0 200 OK 28ms]
GET
https://www.powerlineblog.com/cdn-cgi/c ... managed/v1 [HTTP/2.0 200 OK 52ms]
GET
https://www.powerlineblog.com/favicon.ico [HTTP/2.0 200 OK 47ms]
GET
https://challenges.cloudflare.com/turns ... 470/api.js [HTTP/2.0 200 OK 127ms]
POST
XHR
https://www.powerlineblog.com/cdn-cgi/c ... a4ae67ce07 [HTTP/2.0 200 OK 45ms]
GET
https://challenges.cloudflare.com/cdn-c ... ght/normal [HTTP/2.0 200 OK 54ms]
GET
https://challenges.cloudflare.com/cdn-c ... chl_api/v1 [HTTP/2.0 200 OK 45ms]
POST
XHR
https://challenges.cloudflare.com/cdn-c ... 81969cd013 [HTTP/2.0 400 Bad Request 43ms]
POST
XHR
https://www.powerlineblog.com/cdn-cgi/c ... a4ae67ce07 [HTTP/2.0 200 OK 49ms]