Closed h4ckee closed 1 year ago
116.0.5845.96 (Official Build, ungoogled-chromium) AXE (64-bit)
You should file this issue where you've downloaded this binary. It doesn't look like any of ours.
Since @clickot archived https://github.com/clickot/ungoogled-chromium-build, I'll write here.
I could reproduce this issue exactly with https://github.com/clickot/ungoogled-chromium-binaries/releases/download/116.0.5845.96-1/ungoogled-chromium_116.0.5845.96-1.1_linux.tar.xz
The problem is curious in that I could not reproduce it on my ungoogled-chromium binary.
The problem lies in web protection those websites apparently employing. They calculate some values and POST them (very much like Cloudflare does it). With my binary receiving a redirect, while portable binary gets 403.
The only difference between binaries I could think of was me using bromite/cromite patches, but I have another binary which is a clean ungoogled-chromium (also built by myself). I couldn't reproduce this issue there as well.
Not sure if we could debug this issue further, just an FYI for @h4ckee and @clickot
EDIT: I could reproduce this issue on my other binaries: https://github.com/PF4Public/ungoogled-chromium-bin/releases. Which makes it even more curious.
Yes, you're right. When I inspected request and response headers from those sites on ungoogled-chromium and thorium browsers, I noticed that sites behaved differently each time i try to login, though request headers were almost the same.
I suspect this might be related to fingerprinting patches. Fingerprinting is probably what they do. It seems to coincide with https://github.com/ungoogled-software/ungoogled-chromium/issues/2389. I just double checked and indeed those binaries which are unaffected have fingerprinting patches replaced by bromite/cromite ones (I initially mistakenly stated that they are clean built).
This seems to be plausible since https://abrahamjuliot.github.io/creepjs/tests/domrect.html detects same "lies" for any ungoogled-chromium (but not for cromite), which might trigger those web protections as "automated browsing", which in turn results in 403 error.
But when I disable/enable --fingerprinting-canvas-image-data-noise --fingerprinting-canvas-measuretext-noise --fingerprinting-client-rects-noise nothing actually changes for me.
Could be something else entirely 🤷🏻
at least my suspicion that this has nothing to do with my build seems to be confirmed :-)
Hi Guys. A few releases ago, I ran into a problem on a couple of sites that were working earlier. I have tested them with other browsers (thorium and firefox) and there they work as expected.
403 Error Forbidden Access to login.mts.ru is forbidden. Try accessing the site login.mts.ru later or contact administration of the site.
Version 116.0.5845.96 (Official Build, ungoogled-chromium) AXE (64-bit) Best regards.