HuffPost website stuck in infinite reload when using Shields

[FWDekker]

Description

The HuffPost website sends the user in an infinite loop of reloads when Shields is enabled.

Steps to Reproduce

1. Ensure that Brave Shields is enabled.
2. Accept the consent form.
3. Go to HuffPost.com or some article on the website.

Actual result

The user is sent to the front page even when an article is visited. The page then keeps refreshing itself every second or so.

Expected result

The page is loaded eventually.

Reproduces how often

Easily reproduced

Brave version (brave://version info)

Brave     0.62.51 Chromium: 73.0.3683.103 (Official Build) (64-bit)
Revision  e82a658d8159cabbd4938c1660f9bb00b4a82a23-refs/branch-heads/3683@{#902}
OS        Windows 10 OS Build 17763.437

Version/channel information

I have not tried reproducing this bug on other versions.

Other additional information

• The issue resolves itself when disabling Brave Shields.
• The issue is not reproducible on the latest version of Chrome.

[srirambv]

Works fine for me on Linux. @btlechowski can you check on Windows?

[FWDekker]

I was able to reproduce this on Linux using the steps above. I'm running Kubuntu 18.04 with Brave at the exact same revision as my Windows machine.

After going to huffpost.com I am redirected to https://www.huffpost.com/?guccounter=1, and after that I am continuously redirected to URLs of the form https://www.huffpost.com/?guccounter=1&guce_referrer_us=aHR0cHM6Ly9ndWNlLmh1ZmZpbmd0b25wb3N0LmNvbS8&guce_referrer_cs=<some random string>.

[FWDekker]

I mixed up the actual and expected results 🤦‍♂️ I have now corrected them

[jeroenev]

Same issue here, Ubuntu18.04 with Brave 0.63.48
changing shields have no effect, except for cookies
as soon as I allow third party cookies or block all cookies the site functions normally

[srirambv]

I still cant reproduce this issue on Linux on a clean install of 0.63.48. Default shields settings just load the site normally.

Here's a screen recording of it https://youtu.be/AK3AGc7DDEc

Could you guys try clearing the browser cache once and try again?

[jeroenev]

can definitely confirm it still occurs then for me
also still breaks in incognito window, with all extensions disabled
-adblocking on
-3party cookies blocked
-encrypted connections on
-scripts allowed
-3p device recognition blocked
what did you use to record?

[btlechowski]

Reproduced on clean profile by loading https://huffpost.com/ and consenting to ToS/GDPR. The page started to refresh itself, eventually I got an error:

Brave	0.63.48 Chromium: 74.0.3729.108 (Official Build) (64-bit)
Revision	daaff52abef89988bf2a26091062160b1482b108-refs/branch-heads/3729@{#901}
OS	Windows 10 OS Build 17134.523

@srirambv Do you get consent form when going to https://huffpost.com/ on clean profile?

[FWDekker]

I created a fresh Ubuntu 18.04 VM and installed Brave 0.63.48. The issue still occurred.

What I find interesting is that your video does not show the "Before you continue..." consent menu when you open the page. It is only after I press "OK" that the redirecting starts. I realise now that I should have included that in the "Steps to Reproduce" section 😕 (I have just added it for completeness' sake.)

[jeroenev]

first page_load: https://www.huffpost.com/
second page load: https://www.huffpost.com/?guccounter=1&guce_referrer_us=aHR0c***NvbS8&guce_referrer_cs=q69A9rvs7MC******
the last part guce_referrer_cs keeps changing on every request/every second

@FWDekker, the consent option only shows first time, so if you approved once it keeps happening
maybe this is related to that GDPR consent thing? Do only people from Europe have this issue?

[jeroenev]

Can confirm, when loading the site using a VPN to the USA, this issue does not occur
after disabling the VPN, the issue re-appears.

[FWDekker]

@jeroen7s Interesting. Can you confirm that it is not because of the VPN itself? For example by using a Europe-based VPN?

[srirambv]

@btlechowski @jeroen7s I don't get a ToS consent and am not behind VPN. Can check with a EU VPN and update here.

[jeroenev]

@FWDekker can confirm, connecting the VPN to the Netherlands the issue occurs,
connecting from my regular IP (Belgium) the issue also occurs
connecting the VPN to the US the issue is gone (so is the GDPR consent prompt).
All Tested using fresh incognito windows.

[btlechowski]

No longer reproducible on

Brave	0.63.55 Chromium: 74.0.3729.131 (Official Build) (64-bit)
Revision	518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS	Windows 10 OS Build 17134.523

Brave	0.64.72 Chromium: 74.0.3729.131 (Oficjalna wersja)beta (64-bitowa)
Wersja	518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
System operacyjny	Windows 10 OS Build 17134.523

Steps:

1. Use IP from a GDPR country
2. Clean profile
3. Open https://www.huffpost.com/
4. Consent to GDPR if applicable

Note: checked on IP from Poland and US.

Verified passed with

Brave	0.64.72 Chromium: 74.0.3729.131 (Official Build) beta(64-bit)
Revision	518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS	Mac OS X

• Verified steps above for both Netherlands and US IPs

Verification passed on

Brave	0.64.72 Chromium: 74.0.3729.131 (Official Build) beta(64-bit)
Revision	518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS	Linux

• Verified via EU IP and US IP

[btlechowski]

Added to 0.64.x so we can verify on all the platforms.

[jeroenev]

yup, can confirm the issue is gone now 👍

[FWDekker]

The issue no longer occurs for me either! 👍