can't login to Twitch with RFP [1805101]

[randomscumbag]

I went through the steps and everything seems to work fine, however when i try to login to Twitch I get met with something went wrong. I have backed up my previous FireFox Config and went back to it, and it still works. I can login for youtube, or emails, or anything else, but twitch seems to not let me in. I have 0 extensions running when I tried it, and I am running the latest FireFox 106.0 (64-bit) ArchLinux-1.0

🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting

• [ ] I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox
  • unchecked issues may will be closed as invalid

🟪 REQUIRED INFO

• Browser version & OS:
• Steps to Reproduce (STR):
• Expected result:
• Actual result:
• Console errors and warnings:
• Anything else you deem worth mentioning:

---

[fxbrit]

I've yet to confirm this but it seems like it's Linux only; last time I tried I couldn't reproduce it on macOS but I could on Fedora, even in a brand new stock profile.

[randomscumbag]

Yea I actually removed firefox and deleted the directory and just went back to my old settings. some of the settings I changed and went through one by one privacy.resistFingerprinting = True when i changed this to true, I had an issue with Twitch. So i left it at the default and continued on. I followed a guide on Reddit here https://www.reddit.com/r/privacytoolsIO/comments/mqy5u1/firefox_privacy_tweaks/ - Which was a lot of the things I tweaked, but i am a twitch head, so I went one by one making changes. Just like to know where I need to reset something back to its original state if I need to.

[GlassGruber]

My suggestion for "popular" websites is just to have dedicated profiles, with FF are a breeze to setup.
Little tip: save a bookmark with URL pointing to about:profiles and you have all your profiles listed for quick opening and switching. Also about:about page has lots of neat stuff.

Even with a "relaxed" profile, you can benefit from lots of privacy wise improvements with just ETP strict and ublock origin. Add on top of that containers with MAC/TC and you are really getting rid of basically all the commercial nastiness on the common interwebz.

Fingerprinting is another big topic, but since you are logging in to the service the problem is moot I think.

Concluding, the various guides online are many times incomplete and/or outdated, the configs are constantly evolving and that guide is 2 years old.
Do read and learn, but ultimately if you are very interested in this, I think Arkenfox user.js + wiki and the issue section here are some of the best resources to follow.

[GlassGruber]

I've tested on "relaxed" profile FF 106 on Windows (ETP strict + uBO) and login worked. Tested again on same profile with RFP ON and login worked.

[AERDU]

I managed to fix this by making two changes in about:config awhile ago, one of them was disabling privacy.firstparty.isolate, and I think the second was disabling one of the privacy.trackingprotection.* settings. I know that arkenfox suggests against running Custom instead of Strict but this was the only way I could solve it. Things might have changed since I last had this issue a month or so back.

[randomscumbag]

I managed to fix this by making two changes in about:config awhile ago, one of them was disabling privacy.firstparty.isolate, and I think the second was disabling one of the privacy.trackingprotection.* settings. I know that arkenfox suggests against running Custom instead of Strict but this was the only way I could solve it. Things might have changed since I last had this issue a month or so back.

Thank you. Yea when I went through a guide one by one I noticed the trackingprotection caused the problem and I stopped there. I did what GlassGruber mentioned above. I made a 2nd profile which I honestly didn't even know was a thing. For Login Accounts for the most part with my real emails. and then I have like my Junk Emails and Random Logins like Youtube and stuff on an ArkenProfile as is. I am just tired of the Data Hungry sites and all the sharing of information and trying to learn my way to keep things to a minimal. I even set up my Old Cell phone to use for a cell Phone number if I need one on certain sites. Tello 4$ a month lol. Which is where I think a lot of spam calls I was getting was coming from. Because when I create an account with this number it tends to get a lot of spoofy calls and noone has this number except for me and the Company.

[seankhl]

Can't log into twitch even on vanilla firefox.

[rusty-snake]

https://github.com/arkenfox/user.js/blob/f4187632faef76df4de0cbb0cdc7199f22fadd76/user.js#L722

https://github.com/arkenfox/user.js/blob/f4187632faef76df4de0cbb0cdc7199f22fadd76/user.js#L719-L720

[GlassGruber]

https://github.com/arkenfox/user.js/blob/f4187632faef76df4de0cbb0cdc7199f22fadd76/user.js#L719-L720

A not perfect alternative could be to use TC to isolate the domain where you set ETP off, so that at least out of that container other sites are not snatching "relevant" data.
But I guess that if ETP is off a dedicated profile is the best scenario to operate in.

[Thorin-Oakenpants]

@randomscumbag please check the checkbox in OP or I will be forced to do the following, as stated: "unchecked issues may will be closed as invalid"

[MikeZeDev]

I want to add something: apparently now, when you use the referer policy from arkenfox

user_pref("network.http.referer.XOriginPolicy", 2); user_pref("network.http.referer.XOriginTrimmingPolicy", 2);

Twitch says my browser is too old. By setting those to 0 i can login to Twitch with RFP on.

I test on a naked Firefox profile, and this is definitely one of those two, or those two the culprit(s).

[Thorin-Oakenpants]

https://bugzilla.mozilla.org/show_bug.cgi?id=1805101

[ghost]

A dirty workaround for now that I tried is simply adding https://twitch.tv/ to Settings(about:preferences) > Privacy & Security > Cookies and Site Data > Manage Exceptions..., then disabling RFP once so that Twitch doesn't complain about not using recommended browsers, then simply logging in on Twitch and after this just re-enable RFP, while making sure that the Twitch cookies are still there. Apparently, Twitch only complains on the login screen, it won't annoy you again once you get past the login process. Only RFP seems to be causing the issue in my case, ETP and other settings caused troubles only when I was trying to disable my account but disabling ETP did the trick on account disable page, so now I am free from vtuber hellhole, yes.

[Thorin-Oakenpants]

Apparently, Twitch only complains on the login screen

that's what the issue says ... can't login to twitch :)

[MikeZeDev]

This is getting worst. If i activate RFP after being logged, i cant send PM they are erased and no one can read them.

One or more GraphQL errors were detected on request 0************ Whispers_MarkThreadMessageRead: failed integrity check

Toggling RFP off allowed to to send PM. Seriously Twitch what are you smoking?

[AERDU]

Sending a PM isn't the only thing that gets restricted, I've noticed things like being unable to remove notifications, being unable to gain channel points, bet, and redeeming rewards will not work. There are a couple more basic features that get restricted that I can't entirely remember, but like 50% of the buttons on the platform don't do anything with RFP re-enabled.

[MikeZeDev]

That said i apparently can login with RFP on. Must be confirmed in the long time.

[privacyguy123]

I found that it's the tracking protection/isolation messing with the cookie Twitch sets giving me the "unsupported browser" message on log in. Temporary whitelist on FireFox tracking protection/uBlock Origin/I don't care about cookies was neccessary to click "Accept Cookies" then it'll let me log in.

[zxxtlz]

this isnt on linux only, im on windows 10 and for me its from the browser settings but i dont know which one exactly it is. when i use default firefox it works fine but when i use arkenfox, some setting makes twitch rage i still have yet to find the issue

[Thorin-Oakenpants]

https://bugzilla.mozilla.org/show_bug.cgi?id=1805101 has landed .. lets see if it sticks and solves the problem

[fxbrit]

It would be nice if some of you twitchers could install Nightly, enable RFP and verify that the issue is fixed :-)

[Thorin-Oakenpants]

That and I can't wait for https://bugzilla.mozilla.org/show_bug.cgi?id=1610762 / https://bugzilla.mozilla.org/show_bug.cgi?id=1826098#c2 to happen - i.e in FF don't spoof the HTTP header in linux and mac to windows (but we do still limit it to four tuples, i.e windows 10, android 11, etc). And with the performance.mark fixed, things are starting to unbreak

[Thorin-Oakenpants]

https://bugzilla.mozilla.org/show_bug.cgi?id=1805101 has landed .. lets see if it sticks and solves the problem

I'm not really paying attention, and twitch has always had issues with FF on and off ... but https://bugzilla.mozilla.org/show_bug.cgi?id=1835987#c1

What we fixed in Bug 1805101 is to make it possible to successfully opt-out of fingerprinting protection for this specific site so that it starts working again. (At least I hope this works, I haven't tested it again) ...

[AERDU]

Well it finally happened, I can no longer watch twitch streams without user_pref("privacy.resistFingerprinting", false);, instead I just get a black screen. Works flawlessly when disabling it though.

Edit: also VODs seem to still work

[Thorin-Oakenpants]

https://old.reddit.com/r/firefox/search/?q=twitch&sort=new&restrict_sr=on ... at the time of posting ... 25 threads on twitch in the last month. Twitch has always been an asshole glitchy. Not all those are directly twitch issue though, just pointing out that it gets a large share of the problems

how I feel about twitch ... https://old.reddit.com/r/firefox/comments/13e4fic/twitch_not_supporting_firefox/jjo32n9/

This is just Twitch being Twitch. [snip] It just.. breaks sometimes.

[MikeZeDev]

I can perfectly login on Twitch with RFP on apparently. Turn out its random and some people are not affected?

[AERDU]

Strange, just as I found a fix for videos not loading, twitch rolledback and I can now watch streams, but I can no longer login, even with RFP off.

Slightly off-topic, but this thread might help debug why logins wont work with rfp streamlink/streamlink#5370. They managed to bypass the black screen I previously mentioned by spoofing the Client_ID to nintendo switch's Client_ID when sending headers (I've got some shoddy addon to help with this temporarily). The thread also mentions other ways twitch does integrity checks, might be worth checking out? rfp probably spoofs one of those variables which is what's preventing logins.

Seems like twitch is doing a lot of changes to their backend these past days as I heard adblock stopped working for some users as well. I might wait a couple of days until I fiddle with it again since who knows what twitch will do.

[fxbrit]

I think you should just clear all your twitch cookies and try logging-in again, IIRC they set a cookie which contains some kind of sanity check so if you failed it, it'll stay that way for a few hours until that cookie expires.

[AERDU]

Twitch now blocks you from logging in if you're behind a VPN, as if the shadowban wasn't enough... Still managed to fix it with some SmartProxy configuration.

I also found a way to login without needing to (fully) disable rfp; it appears that twitch only checks for a "bad" User-Agent, AKA the one rfp gives you. I reversed my User-Agent (for twitch only, probably a lot of ways to do this) back to its original value, and I can now login.

[boderholm]

I was having the same problem, but I finally managed to log in to Twitch. First of all, I am using Firefox Nightly 115.0a1 (2023-06-03) (64-bit). And here are some changes I made in user.js:

user_pref("network.http.referer.XOriginPolicy", 0); user_pref("privacy.resistFingerprinting", false); user_pref("privacy.resistFingerprinting.letterboxing", false);

I don't know if these changes can result in any solution, but here I'm not having the problem anymore.

[LucasOe]

I was having the same problem, but I finally managed to log in to Twitch. First of all, I am using Firefox Nightly 115.0a1 (2023-06-03) (64-bit). And here are some changes I made in user.js:

user_pref("network.http.referer.XOriginPolicy", 0); user_pref("privacy.resistFingerprinting", false); user_pref("privacy.resistFingerprinting.letterboxing", false);

I don't know if these changes can result in any solution, but here I'm not having the problem anymore.

Thank you. It was the user_pref("network.http.referer.XOriginPolicy", 0); setting for me that I was missing, maybe it should be added to the overrides recipes, because I can't remember anyone mentioning it. This setting also breaks the login on adobe.com.

[MikeZeDev]

Yup, found this a while ago https://github.com/arkenfox/user.js/issues/1567#issuecomment-1330564214

[RapWolf]

maybe it should be added to the overrides recipes, because I can't remember anyone mentioning it

It's in the wiki

• 1601: We hardened cross origin referers 🥇 #1 ISSUE
  • This may cause breakage where third party images and videos may not load, and with authentication on sites such as banks. If 1601 is too strict for you, override it to default 0 and consider using Smart Referer extension in Strict mode

[risbi0]

I was having the same problem, but I finally managed to log in to Twitch. First of all, I am using Firefox Nightly 115.0a1 (2023-06-03) (64-bit). And here are some changes I made in user.js:

user_pref("network.http.referer.XOriginPolicy", 0); user_pref("privacy.resistFingerprinting", false); user_pref("privacy.resistFingerprinting.letterboxing", false);

I don't know if these changes can result in any solution, but here I'm not having the problem anymore.

I added only user_pref("network.http.referer.XOriginPolicy", 0); and it worked.

[mortenya]

I was having the same problem, but I finally managed to log in to Twitch. First of all, I am using Firefox Nightly 115.0a1 (2023-06-03) (64-bit). And here are some changes I made in user.js: user_pref("network.http.referer.XOriginPolicy", 0); user_pref("privacy.resistFingerprinting", false); user_pref("privacy.resistFingerprinting.letterboxing", false); I don't know if these changes can result in any solution, but here I'm not having the problem anymore.

I added only user_pref("network.http.referer.XOriginPolicy", 0); and it worked.

I just did the same with a new profile and was able to log in. Only change I made was adding: "user_pref("network.http.referer.XOriginPolicy", 0);"

[privacyguy123]

This bug is back with a vengeance and nothing posted in here is fixing it fyi

EDIT: I have to be going insane - I can only reproduce when I have over X amount of addons enabled in FireFox, unfortunately I didn't jot down exactly how many, but when I disable a few (and I HAVE picked at random) Twitch plays nice again. Very odd.

[fxbrit]

out of curiosity, which extensions? if some of them touch the DOM you might look like a bot to content providers.

[privacyguy123]

It seems it might have been fx-cast ... some 3rd party app to bring Chromecast functionality to FireFox, I barely even used it.

I'd say seems safe to close. I can't reproduce any Twitch login issues with the user.js specifically, it was some other combination of addons F'ing it up.

[DuMuT6p]

On latest Firefox 119.0.1 64bit (Linux) it is still reproducible along with other interactions (checking notifications, follow/unfollow, etc.). Workaround:

1. Toggling only privacy.resistFingerprinting in about:config to False
2. Refresh twitch page.
3. Interact (e.g. login, hit Follow button)
4. Toggle it back and refresh twitch page.

[MikeZeDev]

Not sure its related to RFP but got something yesterday : i want to claim something with channel points and it wasnt working : i got the nefarious "GraphQL integrity failed" error. I had to turn off RFP and Privacy possum and made a full reload of the page (CTRL+F5). God damn twitch.

Regular Firefox 119.0.1 64bit, Windows.

[brian6932]

I was having the same problem, but I finally managed to log in to Twitch. First of all, I am using Firefox Nightly 115.0a1 (2023-06-03) (64-bit). And here are some changes I made in user.js:

user_pref("network.http.referer.XOriginPolicy", 0); user_pref("privacy.resistFingerprinting", false); user_pref("privacy.resistFingerprinting.letterboxing", false);

I don't know if these changes can result in any solution, but here I'm not having the problem anymore.

I tried to take an alternate approach to keep referer same origin only (network.http.referer.XOriginPolicy 2), tried to use https://github.com/didierfred/SimpleModifyHeaders, and set referer to https://www.twitch.tv/ for passport.twitch.tv and/or *twitch.tv but I can't get Kasada to let me through 🤔 Even saved as har, parsed out every url, and then applied the same referer rule to each, but no dice.

The closest thing I could find that worked was setting

user_pref("network.http.referer.defaultPolicy.pbmode", 1); // lower breaks Twitch
user_pref("network.http.referer.defaultPolicy.trackers.pbmode", 0);
user_pref("network.http.referer.defaultPolicy.trackers", 0);
user_pref("network.http.referer.defaultPolicy", 1); // lower breaks Twitch
user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true);
user_pref("network.http.referer.hideOnionSource", true);
user_pref("network.http.referer.spoofSource", true);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 1); // higher breaks Twitch 
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
user_pref("network.http.sendRefererHeader", 2); // lower breaks Twitch, the Auto Referer addon tends to be safer

with https://github.com/garywill/autoReferer.

---

For any chromium users encountering this issue, seems like some chromium browsers change the origin isolation defaults from time to time. Go to about://flags/#strict-origin-isolation, and set it to Disabled.

[MikeZeDev]

Just posting to say they are at it again, "muh old browser" cant even login.

[zxxtlz]

To everyone in this thread still struggling, instead crying here, try to use betterfox instead. Works flawlessly

[Thorin-Oakenpants]

To everyone in this thread still struggling, instead crying here, try to use betterfox instead. Works flawlessly

Are you fucking kidding me? Betterfox is a fucking AF clone - Betterfox copies everything AF does and even waits for AF to decide what to do. Betterfox copies my fucking WIKI, it copies my ideas, it copies fucking everything, and even then it reverts a few changes to the detriment of security/privacy because .. IDk, ignorance and just plain plagiarism

Betterfox also shameless self-promotes and begs for money/donations.

I've also seen Betterfox disparage AF

Fuck your claim that the issue here is solved by Betterfox - it is not

Also, BF's speedy claims are fucking snake oil, and BF aligns itself with more snake oil in the name of Mercury; and with other projects such as Floorp (who wouldn't know privacy if it hit them in the fucking head)

Look at AF over the last 18 months, stable as fuck, little turmoil - look at BF - non-stop flip-flopping and bullshit nonsense

---

AF: "Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening " BF: "Firefox speed, privacy, and security: a user.js template for configuration. Your favorite browser, but better"

https://github.com/yokoffing/Betterfox/issues/167 - yeah, lets just copy AF's updater

https://github.com/yokoffing/Betterfox/pull/268 - still waiting on AF because .. you know .. can't copy what I haven't done yet

[yokoffing]

Hi @Thorin-Oakenpants. Thank you and others for this repo... AF is the foundation of BF and other user.js repos I've come across, which a testament to how much value this project provides. BF originated years ago as my way to customize AF for my own use cases and learn about Firefox. I tweaked various preferences to experiment. Eventually, others discovered my tweaks and became interested, and things took off from there... Yes, AF is the core of BF. It is derived from and keeps parity with AF. Overwhelmingly, BF mirrors AF... I'll make this more apparent in the Credits (https://github.com/yokoffing/Betterfox/commit/27bcd885b7c7c97e6e2291559c38f686f60d35a8). I'll also go through the files to give explicit credit to AF, and make changes or remove projects I never completed (like the wiki)... Thank you again for your work, and apologies for the misunderstanding.

[Apep-the-snek]

https://github.com/arkenfox/user.js/issues/1567#issuecomment-1288134235 I created a brand new profile (no user.js) in firefox developer edition 125.0b6 (64-bit) (yes i have not updated it in a while), and i get the same error message, this is completely unmodified, except i added the addon keepassXC browser, but that is only for filling in passwords (does nothing else).

is this a linux issue, a firefox developer edition issue or what?

[sofiedotcafe]

@Apep-the-snek

is this a linux issue, a firefox developer edition issue or what?

A twitch issue ^-^ This is not related to ArkenFox, but I can't even login to my account currently? The reset password shit is not working...

[Thorin-Oakenpants]

So we got Mullvad Browser 13 to drop the mismatched userAgent headers for Linux/Mac a while ago. Tor Browser 14 follows suit

next step is to get RFP upstream at Firefox to remove it