Loop on Gitlab.com checking browser

When trying to login at https://gitlab.com/users/sign_in i get a loop on a “challenge” when Checking the browser, I guess this has to do with cloudflare and my browser (I am using qutebrowser), because it works if i use firefox. I have tried to change my User Agent for the Firefox one only at the domain https://gitlab.com/* but had no luck.

The user agent being sent is: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) QtWebEngine/5.15.4 Chrome/87.0.4280.144 Safari/537.36

Do you get the same result with an incognito window, or a different browser?

Hi, so using firefox as i mentioned works, i am using that as a temporary solution, and usoing incognito on qutebrowser does not work, it seems to be qutebrowser related, but weirdly it started happening abut yesterday or two days ago, as last week i was able to go with no issues.

Thanks :smiley:

I guess this may just be an issue with your set-up somehow, but if you think it’s likely to be reproducible, it would be a good idea to raise an issue.

The only qutebrowser related issue I could find is this one which isn’t related, but might suggest that GitLab doesn’t work well with the browser generally.

It seems like it to be honest, weird tho that it started a couple of days ago, i will see if i can raise an issue at the qutebrowser repo to see if they can give me more information.

THanks for the help :smiley:

1 Like

This is a reproducible issue, I get it myself with Qutebrowser and Windows. It seems that it is also unrelated to adblocking, because it persisted even when I disabled built-in adblock in Qutebrowser. So the true problem is likely Cloudflare not recognizing Qutebrowser as a browser. There is reportedly a workaround to change a user agent for Gitlab.

What is a proper repo to open issues about gitlab.com infrastructure though? It is a gitlab.com instance issue, not Gitlab webapp one…

Yeah, the issue seems to be qutebrowser, as it is happening on more sites, i am aware of this workaround as i am interacting in the issue but as per one of my comments, this solution doesnt seem to apply with more config, or setting the user agent only on giltab (https://github.com/qutebrowser/qutebrowser/issues/7208#issuecomment-1219364408).

Probably should close this thread.

Actually the issue is rather Cloudflare than Qutebrowser, and I would still try to spawn an issue for Gitlab Infra team, because the chance is greater that Cloudflare will resolve it if a client (Gitlab) sends a ticket than some random people (us) start complaining on their forum.

If its an issue with cloudflare, how is it working with other browsers like Firefox? Do you think cloudflare might not like some header qutebrowser sends?

I believe they do some weird checks based on a user agent header (and then tell “Haha, evil bot, I caught you!”). This is confirmed by a workaround, that is precisely to change a user agent header.

I haven’t check myself, but I would bet that all the sites with the same issue use Cloudflare for DDOS protection.