Login Page (Content-Security-Policy Error), Unable to log in

Login Page (Content-Security-Policy Error), Unable to log in

Location: Gitlab Sign In Page
Browser(s): Chrome Version 100.0.4896.88 (Official Build) (x86_64), Firefox 98.0.2 (64-bit)


After entering my login information and clicking “Sign In” a progress spinner appears momentarily, the sign-in buttons text changes to “Loading” for a brief moment and then goes back to saying “Sign In”. No Captcha is shown. Unsure if this is related to this issue so I created a new one. After that the page does not redirect and does not provide an error message (ie. in page login error message).

If I inspect the page (console) there is an error that reads:

Refused to frame 'https://gitlab-api.arkoselabs.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-cloudresourcemanager.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://*.codesandbox.io https://customers.gitlab.com https://client-api.arkoselabs.com".

A colleague that uses Ubuntu Chrome (unsure of version) is able to login

Hey there! I was able to replicate this on my end and have been discussing this internally. I believe this is related to a new anti-spam measure (That you’ve linked). I’ve declared an incident so we can address this:

Appreciate you reporting this! Please follow the issue for additional updates.

1 Like

@Jscherbe-Work We rolled this back to investigate further but it should be working now.


@clevelandbledsoe Ok awesome, I just tested and was able to login. Thank you