Open k0gen opened 2 years ago
Related: https://github.com/mastodon/mastodon-ios/issues/334#issuecomment-1056848588
Is the issue reproduced every time sign in on your onion server? That's the webpage is system standard authentication control. I have occurred the same error pages before. But retry again is works.
Yes the issue is reproduced every time. I'm installing another test instance for You to debug this issue. I'll send credentials via email soon.
Could it be clock related, somehow? Either on your phone or on the server?
Could it be clock related, somehow? Either on your phone or on the server?
Both are NTP synced so I doubt.
I have a fresh Mastodon .onion instance ready and open for you guys to test and debug against.
I received your onion site address and test it with Orbot app. I belive the Mastodon app and Tor browser cannot sign in it neither. Thanks the Orbot app. You can use the Safari app to open any onion website. For example, the DuckDuckGo: https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/.
Then I try open the onion Mastodon server in Safari and it's failed with the same issue.
@Gargron Any idea? Maybe this issue needs transfer to Mastodon repo.
I received your onion site address and test it with Orbot app. I belive the Mastodon app and Tor browser cannot sign in it neither. Thanks the Orbot app. You can use the Safari app to open any onion website. For example, the DuckDuckGo: https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/.
I normally don't use Tor Browser but I have just tested it out and I was able to sign in and login with no problem on my Linux Desktop.
I test the Safari for iOS and Chrome for iOS with Orbot connection. Also, Firefox for macOS with SOCKS5 (force DNS) Tor proxy. The same Security verification failed. Are you blocking cookies?
failure prompt for me.
The website inspect tell me the sign in query return HTTP 422 error code.
I know that latest Firefox is having issues make sure you have:
dom.securecontext.allowlist_onions
and
dom.securecontext.whitelist_onions
set to true
In about:config
What onion address can I test with?
What onion address can I test with?
Check your e-mail.
Tor Browser and Firefox (when properly configured) treat http onion addresses as secure contexts since the transport layer is encrypted and self-authenticated. Safari running in orbot has no way of knowing this, so it will see the http and assume that the domain is insecure, so it won't accept cookies with the Secure
flag.
Connecting with my .onion mastodon works just fine but I'm unable to login.