Failing JS challenge

#1

Just a heads-up, https://1337x.st/ appears to have IUA enabled but the JavaScript challenge does not complete/proceed because of a JavaScript error after the delay of five seconds.
The issue does not appear to apply Cloudflare-wide though.

image

@cloonan

Possibly related to Checking your browser before accessing

1 Like
#2

Site loads for me once I turn off Adblock Plus and it’s allowed to set cf_clearance cookie. If I delete that cookie, and turn it back on, I’m blocked once again.

1 Like
#3

Excellent find! :+1:t2:

It is the ||1337x.st^$csp=script-src 'self' 'unsafe-inline' rule of EasyList.

1 Like
#4

I didn’t have time to figure out the exact filter, but I just disabled EasyList as you mentioned and sure enough, it passes the challenge.

BTW, seems to work fine with Ghostery, Adblock, and Privacy Badger all running on block everything.
My ABP has the following filters
EasyPrivacy
Fanboy’s Social Blocking List
ABP filters
EasyList the only one that appears to be an issue
Malware Domains

#5

It’s been solved, but if I may give an opinion or two, it would be most appreciated. Using an adblocker to mess with CSP is a bad idea, no matter their intent.

Moreover, uBlock Origin is the way to go for desktop, esp. with Firefox. Peace. :peace_symbol::slightly_smiling_face:

#6
||example.org^$csp=frame-src 'none' 

prohibits all frames on example.org and it’s subdomains.

@@||example.org/page/*$csp=frame-src 'none'

disables all rules with the $csp modifier exactly matching frame-src ‘none’ on all the pages matching the rule pattern. For instance, the rule above.

@@||example.org/page/*$csp 

disables all the $csp rules on all the pages matching the rule pattern.

||example.org^$csp=script-src 'self' 'unsafe-eval' http: https: 

disables inline scripts on all the pages matching the rule pattern.

Source
https://kb.adguard.com/en/general/how-to-create-your-own-ad-filters#csp-modifier

#7

I am not quite sure what you are trying to say :wink:

Shouldnt that be a complaint for EasyList rather than Cloudflare?

1 Like
#8

First of all, let me state unequivocally that Withheld has my utmost respect for the help he’s given me and for their intelligence. I also want it known that Withheld understands adblocking so I am not stating otherwise. And now for something completely different.

Yes, that’s exactly what it’s supposed to do; however, and this is a big however, even AdGuard states that using the CSP modifier as in ^$csp=<value> ; ^$csp=<value>~example.com ; or @@||example.com^$csp=<value> , as basic examples for the public who may be consuming / reading this discussion, using these and more “complicated” CSP modifiers will not function when used with each version of AdGuard or even each version of AdGuard for the same operating systems. EDIT 2019-04-04T05:24:47+00:00 (So to not misinform the public at large, I felt thus paragraph had to be stated in response to Withheld who asked a question and then went on to answer it, which prompted my initial useless commentary which then, however, prompted dialogue which did end up as useful).

AdGuard, and as I previously mentioned though in a different context uBlock Origin, are currently the two most advanced “adblockers”. AdBlock Pro, as you’d mentioned being in use, is not able to handle the advanced syntax that AdGuard & uBlock Origin both are able to handle.

In fact, not opinion, ABP lags behind both AG/P and uBO in (most?) capabilities. As of 04.21 in 2018 AdBlock Pro began support of the CSP modifier & though I’m unsure how far they’ve travelled; they are most likely playing catch-up to AdGuard who, from my understanding and love for AdGuard (despite relying on uBlock Origin on my workstation :confused:), essentially codified the original schema as supported by “adblockers”. The devs over at AdGuard (find them when free on GitHub and they’ll be happy to discuss the pros and limitations of the CSP modifier and anything else product-related.) Tell them intr0 says “Hi!”, if you do, please :slightly_smiling_face:. Especially Andrey & Marie. Thank-you.

EDIT 2019-04-04T05:29:03+00:00 P.S. Your extensions read like mine from Firefox 3.6 (when AdBlock Pro worked and Ghostery didn’t exist (?) and neither did Privacy Badger. Also, running the three listed extensions simultaneously may cause issues. I know it specifies that running more than one “adblocker” will cause issues, though Ghostery and AdBlock Plus are essentially. Even Privacy Badger to an extent. Check out Privacy Possum @ https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/. Unless you’re pre-57 FF.

(Attachment publicKey - [email protected] - ca04f762bf69348d05e30d2bde125b4e2d10e361.asc is missing)

1 Like
#9

Thanks @intr0. Not disagreeing at all about which is better and for the record, while the my full list is incomplete, I use dozens of plugins and portable browsers for testing purposes only and roll back snapshots often :slight_smile:

1 Like
#10

@Withheld Yeah me too. Dev release a lot for me lately. With .onion addresses allowed via about:config. Sandboxed from my system ofc. The record was never about ‘better’, anyway, as my I hoped to clarify with my first EDIT spurred on by @sandro :slightly_smiling_face: hopefully made real. The second was one person joking with another.

closed #11

This topic was automatically closed after 14 days. New replies are no longer allowed.