uMatrix block login and logout from bitbucket.org

[kortschak]

Prerequisites

• I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
  • I also searched the existing issues at https://github.com/gorhill/uMatrix/issues
• This is not a support issue or a question
  • Support issues and questions are handled at /r/uMatrix
• I tried to reproduce the issue when...
  • uMatrix extension is wholly disabled or not installed
  • uMatrix is the only extension
  • uMatrix with default lists/settings
  • using a new, unmodified browser profile
• I am running the latest version of uMatrix
• I checked the documentation to understand that the issue I report is not a normal behavior
• I used the logger to rule out that the issue is caused by my ruleset

Description

Attempting to login to bitbucket.org fails when uMatrix is globally enabled irrespective of whether it is disabled for the bitbucket.org scope.

This presents as a loop on trying to login where the website complains that it was unable to set a cookie (again despite uMatrix being disabled for the scope). During logout it presents as landing back at the website with the status being logged in.

A specific URL where the issue occurs

https://bitbucket.org/

Steps to Reproduce

1. Attempt to login to bitbucket.org.
2. Observer failure screen and click try again button.
3. Repeat 2 to taste.

Ruleset

atlassian.com * * allow
atlassian.com * cookie allow
atlassian.com * frame inherit
atlassian.com atl-paas.net * allow
atlassian.com atlassian.net * allow
atlassian.com auth0.com * allow
atlassian.com uchi-ui.us-east-1.prod.public.atl-paas.net * allow
bitbucket.org atlassian.com * allow
bitbucket.org atlassian.net * allow
bitbucket.org * * allow
bitbucket.org * frame inherit
bitbucket.org * script allow
bitbucket.org ajax.googleapis.com * allow
bitbucket.org atl-paas.net * allow
bitbucket.org atlassian.com * allow
bitbucket.org atlassian.net * allow
bitbucket.org bitbucket-assetroot.s3.amazonaws.com * allow
bitbucket.org bitbucket-connect-icons.s3.amazonaws.com * allow
bitbucket.org bitbucket-prlinks.us-east-1.prod.public.atl-paas.net frame allow
bitbucket.org bytebucket.org * allow
bitbucket.org cloudfront.net * allow
bitbucket.org d301sr5gafysq2.cloudfront.net * allow
bitbucket.org gravatar.com * allow
bitbucket.org js-agent.newrelic.com * inherit
bitbucket.org newrelic.com * inherit
bitbucket.org optimizely.com * inherit
bitbucket.org statuspage.io * allow
bitbucket.org wp.com * allow
circleci.com atlassian.com * allow

Supporting evidence

It's entirely unclear to me how to properly capture the failure here. The logger shows that all the events are being allowed, I cannot take a screen capture of the dashboard (which would show that both the atlassian and bitbucket scopes are disabled), but I can show the failure screen.

Your environment

• uMatrix version: 1.4.0
• Browser Name and version: FF 78.0.2
• Operating System and version: Ubuntu 18.04.4

[gorhill]

What is the state of referrer-spoofing? If enabled, did you try to disable it?

[kortschak]

Yes, I tried with all four states of spoof referrer and spoof <noscript>.

[gwarser]

When exactly this happen? When clicking on "Log in" on home page, submitting email, password, trying to log in using 3p provider? Share the uM log. Do you see any errors in browser console (Ctrl+Shift+J)?

[kortschak]

I give my email address, then password these are accepted and I'm asked for the TOTP. After having given the TOTP the loop failure starts.

There's a bunch of errors.

Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers. redux.js:362:13
    Redux 6
    exports resource://devtools/client/inspector/store.js:20
    Inspector resource://devtools/client/inspector/inspector.js:148
    InspectorPanel resource://devtools/client/inspector/panel.js:8
    build resource://devtools/client/definitions.js:171
    onLoad resource://devtools/client/framework/toolbox.js:2511
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. webrequest.js:108
    onBeforeRequest moz-extension://6ea154db-cf63-4d21-9e71-cdcaa460b98e/js/webrequest.js:108
target is null MessageManagerProxy.jsm:171
    addListeners resource://gre/modules/MessageManagerProxy.jsm:171
    MessageManagerProxy resource://gre/modules/MessageManagerProxy.jsm:34
    ProxyContextParent resource://gre/modules/ExtensionParent.jsm:583
    ContentScriptContextParent resource://gre/modules/ExtensionParent.jsm:669
    recvCreateProxyContext resource://gre/modules/ExtensionParent.jsm:907
    recvCreateProxyContext self-hosted:844
    _recv resource://gre/modules/ConduitsChild.jsm:78
    receiveMessage resource://gre/modules/ConduitsParent.jsm:333
sender.tab is undefined 2 MessageChannel.jsm:1019
    promise resource://gre/modules/MessageChannel.jsm:1019
target is null MessageManagerProxy.jsm:171
    addListeners resource://gre/modules/MessageManagerProxy.jsm:171
    MessageManagerProxy resource://gre/modules/MessageManagerProxy.jsm:34
    ProxyContextParent resource://gre/modules/ExtensionParent.jsm:583
    ContentScriptContextParent resource://gre/modules/ExtensionParent.jsm:669
    recvCreateProxyContext resource://gre/modules/ExtensionParent.jsm:907
    recvCreateProxyContext self-hosted:844
    _recv resource://gre/modules/ConduitsChild.jsm:78
    receiveMessage resource://gre/modules/ConduitsParent.jsm:333
sender.tab is undefined 2 MessageChannel.jsm:1019
    promise resource://gre/modules/MessageChannel.jsm:1019
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. webrequest.js:108
    onBeforeRequest moz-extension://6ea154db-cf63-4d21-9e71-cdcaa460b98e/js/webrequest.js:108
target is null MessageManagerProxy.jsm:171
    addListeners resource://gre/modules/MessageManagerProxy.jsm:171
    MessageManagerProxy resource://gre/modules/MessageManagerProxy.jsm:34
    ProxyContextParent resource://gre/modules/ExtensionParent.jsm:583
    ContentScriptContextParent resource://gre/modules/ExtensionParent.jsm:669
    recvCreateProxyContext resource://gre/modules/ExtensionParent.jsm:907
    recvCreateProxyContext self-hosted:844
    _recv resource://gre/modules/ConduitsChild.jsm:78
    receiveMessage resource://gre/modules/ConduitsParent.jsm:333
sender.tab is undefined 2 MessageChannel.jsm:1019
    promise resource://gre/modules/MessageChannel.jsm:1019
TypeError: PrecompiledScript.executeInGlobal: Argument 1 is not an object. ExtensionContent.jsm:567:25
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. webrequest.js:108
    onBeforeRequest moz-extension://6ea154db-cf63-4d21-9e71-cdcaa460b98e/js/webrequest.js:108
Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. webrequest.js:108
    onBeforeRequest moz-extension://6ea154db-cf63-4d21-9e71-cdcaa460b98e/js/webrequest.js:108

I'm reluctant to share the uM log without knowing how to sanitise it.

[Kein]

Do you block 3rd party cookies in browser itself? Bitbucket relies on them because they use separate ID service:

[kortschak]

No I don't, and I would expect that it would continue to fail even after turning off uMatrix in the extensions control if that were the case, it doesn't.

[promi]

I have the same problem, in Chromium + uMatrix it works fine, but in Firefox it doesn't.