{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidt4e6dghk5t3vqp7nim5iletwfmf2aja6rixsvbr4sjliniy54s4",
"uri": "at://did:plc:hqad6xwuzg7oqfmwylfkvqfm/app.bsky.feed.post/3mj5azndwfo22"
},
"path": "/viewtopic.php?t=32045&p=272141#p272141",
"publishedAt": "2026-04-10T11:10:52.000Z",
"site": "http://forum.palemoon.org",
"tags": [
"Issue #3042 (UXP)"
],
"textContent": "To keep people in the loop here, the response given by CloudFlare was this:\n(do read below the quote how it was not even correct)\n\n\n> Thanks for your patience. We’ve identified the root cause of the challenge loops and have an update on a short-term fix.\n>\n> Root Cause\n> Pale Moon’s implementation of WebGLRenderingContext.getContextAttributes() is missing the powerPreference field that Firefox (version 100+) and other modern browsers include. This causes our challenges to receive an invalid payload and incorrectly flag users as bots.\n>\n> We’ve implemented a fix that will go out in our next release to unblock your users. However, this is a temporary bridge. We’re patching around a Web API compatibility issue that should be fixed in Pale Moon itself.\n>\n> Ask\n> To match modern Firefox behavior (version 100+), Pale Moon needs to implement getContextAttributes() with the complete attribute set, including powerPreference. This will ensure compatibility not just with Cloudflare, but with other sites relying on standard WebGL behavior.\n>\n> Also, while I have you, we are still seeing issues with the Pale Moon CSP implementation. Would you be able to take a look?\n>\n> Any other ideas/suggestions?\n>\n> Beyond this immediate fix, I’m interested in building a more sustainable partnership between Pale Moon and Cloudflare. Previously we made exceptions in our logic for Pale Moon, but those are now exploited by bots, and are no longer a viable option for our customers. We want to protect apps without blocking legitimate traffic, and I know you want the same for your users. What does a sustainable partnership look like from your perspective? Have you seen anything work well in the past?\n>\n> I’m looking forward to your thoughts and working together!\n\nI've put in time this morning to implement the completely optional hint property to canvas WebGL context (Issue #3042 (UXP)) only to find out that it didn't in fact solve the problem at all; the exact same error gets thrown. \"Found the root cause\"? nope, they did not. But maybe they think it would have been hard to home in on and add? It was pretty trivial.\nAlso, \"matching modern Firefox\" still did not acknowledge that UXP isn't Mozilla, and Pale Moon isn't Firefox, and our independent nature is still completely ignored.\nAlso, CSP issues? There should not be any because their turnstile troubleshooting page which should be entirely without specific Pale Moon mitigations passed with flying colours for the longest time, and CSP hasn't changed since then. So it's all a bunch of either miscommunication within CF, or trying to mask incompetence, or worse.\n\n> I’m interested in building a more sustainable partnership between Pale Moon and Cloudflare.\n\nDeja vu, anyone? This should have been a priority a year ago. They really can't be serious pretending this is a first outreach or start of building something.\n\nNeedless to say they got a pretty wordy piece of my mind as a result. I'll have to wait and see what they are intending going forward.\n\n* * *",
"title": "Browser Support • Re: Cloudflare Verification Loop issues",
"updatedAt": "2026-04-10T11:10:52.000Z"
}