app icon indicating copy to clipboard operation
app copied to clipboard

Published 20 hours ago verified publisher icon simple-login

Server temporarily blocks if Dark Reader styles the page

Open mpeter50 opened this issue 2 years ago • 7 comments

Prerequisites

  • [x] I have searched open and closed issues to make sure that the bug has not yet been reported.

Bug report

Describe the bug When using the app.simplelogin.io website, after a number of page navigations the server does not respond anymore, when Dark Reader is allowd to style the page. I've contacted the SimpleLogin support, but it seems this is a technical issue that requires the involvement of developers/admins.

For details on what we have found please refer to the support ticket with number 2485. If you don't have access, please let me know and I'll write in more detail.

In short, it seems that when the addon named Dark Reader is allowed to style the website, after a few page navigations (log in, switching menu tabs, opening menus) the server stops responding. Sometimes this happens right at the first page navigation, sometimes only after several. In the network tab of the browser developer tools it can be seen that after the first request that does not get a response all further requests won't either. The server seems to use a 5 minute long IP block. While the block is active, not just web browser but wget requests also fail with a timeout, both from a WSL Debian environment running on the same machine as the browser, and from a real linux box that sits on the same private network.

Expected behavior The server does not block requests because of a webpage styling addon.

Environment (If applicable):

  • OS: Windows
  • Browser: Firefox
  • Version: which version?

Additional context I really don't know what Dark Reader does that causes the server to block requests, because it shouldn't touch network requests, cookies, DOM storage or any such thing. However, Dark Reader is a very popular addon (on the Firefox addon store alone it has ~880.000 users, and is a recommended addon by Mozilla), and possibly others are experiencing this problem, too.

I'll also open an issue at the repository of Dark Reader, and reference this one from there.

mpeter50 avatar Oct 26 '22 21:10 mpeter50

A detail I forgot. With the SL support agent we eliminated the possibility of this being caused by other addons. I've made a copy of my browser profile for testing, and gone through each of my addons to see which ones do I need to disable for the issue to go away.

After finding that disabling Dark Reader fixes the issue, I've tried Dark Reader the only enabled addon. When styling of the page was allowed, it still made SL's website to block me.

mpeter50 avatar Oct 26 '22 22:10 mpeter50

I was unable to reproduce this bug, but I'll keep trying. (I never used SimpleLogin before).

I have a guess: Dark Reader needs to analyze images (e.g., SVG icons on the site) so it needs to download these images. Currently, Dark Reader loads images proactively which may produce a lot of requests for this site (~800). May be, we should load these images "lazily". I'll try to reproduce and prepare a patch for this. Unfortunately, I can not give an ETA on this, so in the mean time I recommend disabling Dark Reader on SimpleLogin.

An observation: I do not get locked out from using the service, but I do not receive the proper images either.

image

bershanskiy avatar Oct 27 '22 02:10 bershanskiy

SimpleLogin has a decent dark mode available via a single click: image

Please consider using that instead of Dark Reader while we are fixing this issue.

bershanskiy avatar Oct 27 '22 02:10 bershanskiy

I have a guess: Dark Reader needs to analyze images (e.g., SVG icons on the site) so it needs to download these images. Currently, Dark Reader loads images proactively which may produce a lot of requests for this site (~800).

Are these requests done directly by Dark Reader as an addon, or by a content script injected to the webpage?

When the devtools is opened for the webpage, the network tab only shows 34 requests upon reloading the aliases tab, and another 33 when switching to the subdomains tab. This screenshot was made after swicthing back to the aliases tab:

image

The addon debugging tools says no network requests have been done by Dark Reader itself, but I don't actually know if this tab works at all in this menu, never used it before for this purpose:

image

mpeter50 avatar Oct 27 '22 11:10 mpeter50

Oh, this is happening, yes, I just looked at the wrong place.

Looking at the request logger of uMatrix, I see that when loading the SL wbsite, tons of SVG files are loaded from behind-the-scene, which usually means from an extension. I've copied this table of requests from there: https://gist.github.com/mpeter50/1becfe2c06d32ce9090ec66f04ed1240

Basically it is dozens of flag and payments icons, and a dozen browser icons.

mpeter50 avatar Oct 27 '22 23:10 mpeter50

I have the same issue. After enabling "Dark Reader" I am no longer able to access SimpleLogin from any browser, even from curl. It seems that my IP gets temporarily blacklisted.

SvetlinZarev avatar Mar 02 '23 21:03 SvetlinZarev

Please mention this issue in the releasenotes or somehwere else, since this is very frustrating and many users do not know what is causing it, and how to proceed to use Simplelogin;

A simple instruction to disable Dark Reader would be a good workaround, until this is fixed.

notDavid avatar May 18 '23 07:05 notDavid