Website Broken - Cloudflare Infinite Loop

Your website is no longer loading under Firefox, this is new; starting sometime between week 4 of the Necropolis league and now.

The login page and a number of other account related pages are now redirecting to a Cloudflare intermediary which is dumping anyone using Firefox 121+ into an infinite verification loop which can never complete.

I'm using the most current version Firefox 128.

The ray ID does not appear to update with each page refresh/reload. There is no means to report this with debugging information aside from reaching out to you directly (here).

This is a silent failure from your perspective.

Ray ID: 8a5c8b323c377aec

This seems to occur with regular defaults, no extensions, and strict default privacy settings. Downgrading or whitelisting the site/privacy settings does not correct the issue.

On the Network tab of the Dev Tools, it is showing a 401 failure for PAT (which is common because it is not implemented everywhere), with everything else succeeding.

I'm only able to post this by temporarily using MS Edge because I'm otherwise unable to log into my account through my primary browser, and will likely not be able to participate in the upcoming league if I cannot use the trade site.

I will not use MS Edge or Chrome because they egregiously spy on everything, and that is unacceptable. There is no reason why a browser should during normal browsing keep trying to access the Mic/Webcam.

The OS is a fresh install of Windows 10 Pro, 22H2 19045.4651, so malware can be ruled out.

Cloudflare Support is unable to assist at the end user level. Something in your CDN configuration appears to be broken.

Normally the ray ID would change with each verification check reload (it does not, even 24 hours apart).

Seeing as this will likely impact your league launch, hopefully 8 business days is sufficient time for you to fix this.

if it wasn't it is now working, using firefox with add block and no script and it is loading fine, and has been working fine for years(well forever basically since i've been using firefox since at least 2012 if not longer)

Are you sure an addon isn't breaking it?

I can confirm that the website is still not working under Firefox.


New Ray ID:8a5d85aa4f289663

But other than that, same issues, infinite cloudflare loop, 401 on one of the queries for PAT.

I had removed all my extensions prior to posting, normally I use Ublock Origin, CanvasBlocker, and UMatrix (with white-listed settings for Path of Exile).

Also ruled out local stale cache by using Private Browsing.

For whatever reason, it is not working, and it is failing at Cloudflare.

It doesn't appear to be extension related (since the problem persists with all the extensions removed).

The only solution seems to be using another browser.

All i can say is that i'm using fire fox, and no features on the website are broken for me, i can log in, view, post, trade search trade, quoute people, and purchase mtx all on firefox.

maybe you need to start clearing you browser cache etc. but on fire fox it DOSE work.

Still an issue. Ray ID: 8a87d426cfb015a2

Works just fine with Firefox on my end. Is your connection secure?

Yes the connection is secure. It is a residential connection (doesn't change); https.

As I said previously as well, this is only happening with Firefox. Edge on the same computer has no issues but I can't use Edge alongside PoE.

Edit:

There is no workaround to it, this is a change in the challenges being done by Cloudflare that started a few months ago.

A person having this issue can test this relatively simply by navigating to the Cloudflare community site, to the page you log in/create a account, and noticing that the challenge fails there as well. (Hint: It fails everywhere).

I did a deep dive last night with a debugging version of firefox because some builds of Firefox have this issue as well with some fairly common default configurations meant to preserve privacy.

privacy.ResistFingerprinting=true is one of those features that will break this as well, but there are a number of compilation flags that can impact the challenge (it seems). (i.e. Dev's this is how you test whether you are blocking legitimate traffic enable this feature and try to access your own non-whitelisted site, you'll see you can't, and it will be replicatable).

The gist of the issue is, the Cloudflare challenge is now requiring access to History and Canvas APIs. (i.e. Your Browsing History, and the Canvas APIs for unique hardware device fingerprinting based on Graphic Card/Renderer).

Some browsers do not implement or make these APIs available. This causes Cloudflare challenges to block any legitimate connection in these cases (which are quite a large body of websites today).

When privacy advocates talk about second class citizenship, this is what they imagine. A time where if you don't identify yourself to every person you interact with, about everywhere that you go, and consent to have everything about you known as a condition just to purchase or use goods you've already purchased. Then you don't get to have access to those resources.

I sincerely hope Path Of Exile Developers reconsider this arbitrary requirement to pass Cloudflare, just to use and play their game.

Bumping this thread in case anyone else runs into this.

I was having the same issue. I think it was an addon. I set pathofexile.com as an exception for any addons, but that wasn't enough. I got around it by turning on safe mode (which disables all addons among other things), logging in to the website, and then going back into regular mode. I think it's something Cloudflare did.

To go into safe mode, just type "about:support" (without the quotes) into the address bar. From there, on the right side, you will see an option to go into safe mode. To get out of safe mode, just exit Firefox from the menu, relaunch Firefox, and you should be able to restore your previous session from the menu.

It seems that Cloudflare may have silently fixed the issue as of this morning.

I can now login with my credentials without issue or needing to do a workaround, and in fact even under more restrictive configurations of extensions I cannot trigger the failures I was previously seeing, except by manipulating the screen API (which may still be an issue with PS5 users, unfortunately). This seems to have a 50/50 shot at failing, but not an issue on PCs.

I will be monitoring this over the next few weeks but it seems this has at least for now been resolved... finally ::exasperated::.

This put an end to roughly 3 months of frustrating and non-resolvable interference and crazy making CSR doom loops (adding personal coercive cost in the form of sanity) to just use PoE as a product.

All I can say about this unbelievable issue which should be a non-issue, is this should never have happened.

Hopefully PoE Staff have set up some kind of independent monitoring system so when tests fail they get alerted before customers have to bring this to their attention.(as is standard professional practice industry wide for the past two decades, TPOSNA).

@Caligulove, wrt Firefox Troubleshooting, standard practices are to test with incognito first (to clear stale cache), then use about:profile to create a new test profile and then retest (this clears all extensions). This won't help the PS5 users.

The websites (cloudflare/poe) were previously failing for both, intermittently. This could occur under certain builds of Firefox (on Linux), on fresh profiles, and when privacy.RFP was set to true (for all builds tested), as well as with extensions like Ublock/CanvasBlocker (with static screen api size set instead of faked; a known bug that causes verification to fail across all platforms). It appears to be fixed now.