Open
Bug 1840385
Opened 1 year ago
Updated 1 year ago
kasada.io anti-bot protected sites (eg nike.com, twitch.tv) fail login with RFP due to UA missing <oscpu> token or reporting different OS
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
NEW
People
(Reporter: ke5trel, Unassigned)
References
(Blocks 1 open bug)
Details
STR:
- Enable privacy.resistFingerprinting on latest Nightly 116.0a1 on Windows and Linux.
- Visit nike.com and try to login.

Fails with message:
We are unable to connect to our servers right now. Please try again later.
GENERIC "0 - POST request to https://unite.nike.com/login blocked"

Login fails due to the RFPTarget HTTPUserAgent.

On Windows, the <oscpu> token (eg Win64; x64;) missing from the Header/Navigator UA prevents login. It is present in the Navigator with the +NavigatorUserAgent RFPTarget.

On Linux, the UA reporting as Windows prevents login, even with <oscpu> token (Win64; x64;). The OS is accurate in the Navigator with the +NavigatorUserAgent RFPTarget. Linux is easily detected by the TCP/IP fingerprint (https://browserleaks.com/ip).

twitch.tv is more forgiving, the Header does not need to be accurate but the Navigator does.
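
A small diagnostic for the mismatch described in this report, added here as an example and not part of the original report or of Firefox's code: it compares the User-Agent sent in the request header with the one exposed to script and lists which of the reported conditions apply. The sample UA strings, the function names, the finding labels and the token patterns treated as the <oscpu> part are assumptions made for illustration.

```javascript
// Added example. Sample UA strings are constructed for illustration, not captured traffic.
const SAMPLE = {
  full: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0",
  noOscpu: "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/116.0",
  linux: "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0",
};

// Split the parenthesised platform section of a Firefox-style UA into tokens.
function platformTokens(ua) {
  const m = /^Mozilla\/5\.0 \(([^)]*)\)/.exec(ua || "");
  return m ? m[1].split(";").map((t) => t.trim()).filter(Boolean) : [];
}

// OS family claimed by the tokens (only the two platforms named in the report).
function osFamily(tokens) {
  if (tokens.some((t) => t.startsWith("Windows NT"))) return "Windows";
  if (tokens.some((t) => t === "X11" || t.startsWith("Linux"))) return "Linux";
  return "unknown";
}

// Assumption: the <oscpu> part appears as Win64/x64/WOW64 on Windows
// and as "Linux <arch>" on Linux.
function hasOscpu(tokens) {
  return tokens.some((t) => /^(Win64|x64|WOW64)$/.test(t) || /^Linux \S+$/.test(t));
}

// Compare the UA from the request header with the UA exposed to script
// (in a page, the second argument would be navigator.userAgent).
function compareUA(headerUA, navigatorUA) {
  const h = platformTokens(headerUA);
  const n = platformTokens(navigatorUA);
  const findings = [];
  if (!hasOscpu(h)) findings.push("header-missing-oscpu");
  if (!hasOscpu(n)) findings.push("navigator-missing-oscpu");
  if (osFamily(h) !== osFamily(n)) findings.push("os-mismatch");
  if (headerUA !== navigatorUA) findings.push("strings-differ");
  return findings;
}

// Header claims Windows without <oscpu>; Navigator reports the real Linux OS.
console.log(compareUA(SAMPLE.noOscpu, SAMPLE.linux));
```

Running the comparison with the header value logged by a test server and the value read from the page shows which side a given RFPTarget setting changed.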
Updated • 1 year ago
Severity: -- → S3
Priority: -- → P3