Open Bug 1991383 Opened 1 month ago Updated 15 days ago

omegleapp.me - Blocked page displayed when accessed

Categories

(Web Compatibility :: Site Reports, defect, P1)

Product:
Web Compatibility
Component:
Site Reports
Platform:
Desktop
Windows 10
Type:
defect

Tracking

(Webcompat Priority:P1, Webcompat Score:8, firefox143 affected, firefox144 affected, firefox145 affected)

Project Flags:
Webcompat Priority P1
Webcompat Score 8
Tracking Flags:
Tracking Status
firefox143 --- affected
firefox144 --- affected
firefox145 --- affected

People

(Reporter: ctanase, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Keywords: webcompat:contact-in-progress, webcompat:needs-sitepatch, webcompat:site-report, Whiteboard: [webcompat-source:web-bugs][webcompat:diagnosis:ua-sniffing])

User Story

platform:windows,mac,linux,android
impact:blocked
configuration:general
affects:all
branch:release
diagnosis-team:webcompat
user-impact-score:1000

Attachments

(1 file)

image.png
176.71 KB, image/png
Details

Environment:
Operating system: Windows 10
Firefox version: Firefox 143.0/145

Steps to reproduce:

  1. Go to https://omegleapp.me/
  2. Observe the page.

Expected Behavior:
Page loads.

Actual Behavior:
Blocked page displayed.

Notes:

  • Reproduces regardless of the status of ETP
  • Reproduces in firefox-nightly, and firefox-release
  • Does not reproduce in chrome

Created from https://github.com/webcompat/web-bugs/issues/179819

Attached image image.png
status-firefox143: --- → affected
status-firefox145: --- → affected

Since nightly and release are affected, beta will likely be affected too.
For more information, please visit BugBot documentation.

status-firefox144: --- → affected
Severity: -- → S2
User Story: (updated)
Webcompat Priority: --- → P1
Webcompat Score: --- → 9
Depends on: firefox-not-supported
Keywords: webcompat:needs-contact, webcompat:needs-diagnosis, webcompat:needs-sitepatch
Priority: -- → P1
Webcompat Score: 9 → 8

I can reproduce on my home network connection (no VPN used at all), with current Firefox 143 release and 145 Nightly.

Chrome Mask trivially gets me past the block, so this seems to just be UA-sniffing.

Keywords: webcompat:needs-diagnosis

Trivial curl commands (reduced from copy-as-curl in network devtools) using our Chrome mask UA-string (good) vs. our real UA string (bad):

curl 'https://omegleapp.me/' \
  -v \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36' \

--> successful response, including HTTP/2 200 and all the expected web content.

curl 'https://omegleapp.me/' \
  -v \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0'

--> unsuccessful response, including HTTP/2 403 (forbidden) and Cloudflare's blocked-page web content.

jschanck & jesup - I think you have contacts at Cloudflare - could you ask them about this? (I'm guessing it's them rather than the site itself doing the UA-based blocking here, but I don't know enough about the internals of this blocking mechanism to know who's doing what.)

If it's helpful, here's a Cloudflare Ray Id from a Firefox 143 session where I was just blocked when trying to load this page (as I am every time with the default UA string): 9879d3dd1d29d02d

Flags: needinfo?(rjesup)
Flags: needinfo?(jschanck)

A contact there told me that it might be that the site has blocked our UA in their cloudflare settings. So we should reach out to the site operator as well.

Flags: needinfo?(jschanck)
See Also: → 1992518

(In reply to Daniel Holbert [:dholbert] from comment #3)

Chrome Mask trivially gets me past the block, so this seems to just be UA-sniffing.

Note, I tested the site a bit more in bug 1992518 and found that I need more thorough UA-spoofing than what Chrome Mask does, in order to actually use the site. (In particular: when you go to launch a chat, the site tries to make connections to wss://ws.omegleapp.me ; and those connections use your default UA string [and get blocked as a result] even if Chrome Mask is activated for https://omegleapp.me .)

With a more thorough UA-spoofing addon like https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/ , though, I'm able to connect to chats (text chats at least, that's all I've tried; and an audio chat where I didn't actually try speaking or hear the other user attempt to speak). I had some trouble getting it working on my first attempt, as documented on bug 1992518, but then it worked just fine when I tested again in a fresh profile.

So I think the site does seem to work if we can bypass (or get the site to lift) their UA-string-block.

The omegleapp.me website has a contact email-address at the bottom (hello@omegleapp.me) -- I an email just now to notify them about the issue & see if they can either lift the block or let us know of any reason for it.

Keywords: webcompat:needs-contactwebcompat:contact-in-progress
Flags: needinfo?(rjesup)
Whiteboard: [webcompat-source:web-bugs] → [webcompat-source:web-bugs][webcompat:diagnosis:ua-sniffing]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: