Unable to login to "Zalando" and "Asos"

Hello,

I’m unable to login to my Zalando and Asos accounts with Brave.

The Zalando form returns “An error occured.”
The Asos form returns “Sorry, you can’t access your account for now.”

I tried to:
-Disable Brave Shields on “zalando.com” and “accounts.zalando.com”
-Disable Brave Shields on “asos.com” and “my.asos.com”
-Delete all cookies and cache
-Navigate in private mode
-Create a new profile without any extension

None of these work.
There is no issue with Chrome, Firefox or Edge for both accounts.

Brave version: 1.39.111

Regards

Hey @Deaudouce

Just tested asos.com, (new sign up). Not using a VPN or secureDNS?

Hello,

No I don’t use any VPN or custom DNS…!

Regards

@Deaudouce

At: https://www.zalando.com/ the browser window shows icons representing several countries - none of which are the USA.

The URL address for each of the represented countries, ends with the respective country’s two-letter code; for example:

• France: .fr
• United Kingdom: .uk

Let us say, that you are in England or in France. The Zalando.com websites:

• https://www.zalando.co.fr/
• https://www.zalando.co.uk/

Login [button] will redirect to: https://accounts.zalando.com/ . . . (a lengthy, authentication URL address).

–

In a Brave Browser - New Window, go to: brave://settings/cookies

Scroll down that settings page, to Sites that can always use cookies

Click the Add button

Enter accounts.zalando.com:443 as the site . . . but Do Not Enable

• Current Private session only
• Including third-party cookies on this site

Click the Add button

Repeat those steps for:

• [*.]zalando.co.fr:443
• [*.]zalando.fr:443
• [*.]zalando.co.uk:443
• [*.]zalando.com:443

If you encounter a reCAPTCHA, add these:

• www.google.com:443
• www.gstatic.com:443

While at: brave://settings/cookies

• Enable: Block third-party cookies
• Disable: Clear cookies and site data when you close all windows
• Remove all: Sites that clear cookies when you close them

–

Next, go to: brave://settings/content/javascript

Scroll down that javascript settings page to Allowed to use javascript

Click the Add button

Enter accounts.zalando.com:443 as the site . . . but Do Not Enable

• Current Private session only

Click the Add button

Repeat those steps for:

• [*.]zalando.co.fr:443
• [*.]zalando.fr:443
• [*.]zalando.co.uk:443
• [*.]zalando.com:443
• [*.]ztat.net:443

If you encounter a reCAPTCHA, add these:

• www.google.com:443
• www.gstatic.com:443

–

Recommended in order to reduce influence by websites:

In a Brave Browser - New Window, go to: brave://settings/content

Scroll down to “Additional permissions” . . . and set:

• Protocol handlers: Don't allow sites to handle protocols
• File editing: Don't allow sites to edit files or folders on your device
• Clipboard: Don't allow sites to see text or images on your clipboard
• Window placement: Don't allow sites use info about your screens to open and place windows

Scroll down to “Content” . . . and set:

• Pop-ups and redirects: Don't allow sites to send pop-ups or use redirects

–

Cookies check

In a Brave Browser > New Window, go to: brave://settings/cookies and in the upper-right area of the window, enter into the Search field: zalando

Then, search down the cookies settings page and check to see if zalando shows under Sites that can never use cookies . If exists, then remove the zalando entry.

JavaScripts check

In a Brave Browser > New Window, go to: brave://settings/content/javascript and in the upper-right area of the window, enter into the Search field: zalando

Then, search down the javascripts settings page and check to see if zalando shows under Not allowed to use javascript. If exists, then remove the zalando entry.

–

Thanks for the answer!

I tried your instructions, using “zalando.fr” as I live in France.
Unfortunately, I performed and checked twice your steps, but it still does not work.

I also checked if there was any network error returned in the developer tab.
If it is useful for you, the “/api/login” request returns a 403 error with the following response:

{
  "edge_error": "halt",
  "ref_id": "[...A long id...]",
  "wait": 60,
  "feedback": {
    "email": true,
    "url": "",
    "recaptcha": {
      "enabled": false,
      "type": 0,
      "sitekey": ""
    }
  }
}

Do your instructions work for you when you try to login?

Regards

@Deaudouce

I do not have an account.

I updated my earlier reply with more info and possible steps for you to consider.

@289wk

Thanks for the update.
I did everything, but unfortunately there is still the same issue.

I really don’t understand why it does not work. These are the only two websites where I have this login issue. And again, there is no issue at all with all other browsers I tried.

(By the way, the domain “zalando.co.fr” does not exist at all, it is just “zalando.fr” for France).

Regards

I only can tell you that I have the same problem with zalando, but no solution.

very strange.

I just tried to login to both sites with Brave from my Android phone:

• zalando.fr: Same error as on desktop
• asos.com: Works as expected

So the problem on “zalando” seems to be caused by Brave itself, and the problem on “asos” seems to be caused by a specific configuration on the desktop version. However, I don’t understand where this is coming from, as I don’t use any specific settings or VPN.

Regards

I tried to login to both sites today:

• zalando.fr: The error message changed to “Sorry, something’s not right. We are working on it right now. Please try again later. 18.6dec7b5c.1657906888.1c1b8bc6”
• asos.com: The issue has been fixed (no error with and without Brave shields)

Regards

I retested http://zalando.fr/ Test in private window mode, and possibly test in a new profile. VPN, or secureDNS may also affect the site.

zalando1470×1228 247 KB

@fanboynz
I have retested every step of this topic, including with a new profile and in private mode, there is still the same error.

I don’t have a VPN or custom DNS setting, and I don’t use any custom antivirus/firewall protection (I only use Windows Defender with default settings).

It’s really weird that it works for you and not for me, even with a “fresh/clean” method.

@Dax1
Do you still have the issue with “zalando”?

If you open a command prompt, ping zalando.fr does it give any responses?

@Deaudouce

Not clear to me, yet, that you get as far as:

Screen Shot 2022-07-15 at 9.17.32 PM397×533 25.9 KB

You probably have gotten that far, but screenshots will help us. Thanks.

–

When visiting:

• ‘https://zalando.fr’
• ‘https://www.zalando.fr’
• ‘https://www.zalando.com’

set the site-specific Shields (Lion icon - near right end of URL address field) settings:

• Shields: UP for this site
• Trackers & ads blocked (Aggressive)
• Cross-site cookies blocked
• Fingerprinting blocked (Strict)

–

Global Shields Settings:

In a Brave Browser > New Window, go to: brave://settings/shields

• Disable: Auto-redirect AMP pages (AMP - Google’s Accelerated Mobile Page)
• (Alternate setting for older Brave Browser versions, try: Disable Enable De-AMP at brave://flags)
• DISABLE: Prevent sites from fingerprinting me based on my language preferences
• Trackers & ads blocking: Aggressive
• Enable: Upgrade connections to HTTPS (HTTPS EVERYWHERE toggle switch)
• Enable: Block scripts
• Block fingerprinting (aka Fingerprinting blocking): Strict, may break sites
• Block cookies (aka Cookie blocking): Only cross-site

–
Next, go to: brave://settings/security

• Disable: Always use secure connections (HTTPS ONLY toggle switch)

–

Try to Sign In at ‘zalando’ . . . if not successful, then return to: brave://settings/shields

• Trackers & ads blocking: Standard
• Block fingerprinting (aka Fingerprinting blocking): Standard

Try again, to Sign In

–

I am not sure that the following will be helpful . . .

Clearing DNS cache

Option A

In a Brave Browser > New Window, go to: brave://net-internals/#dns and click on ‘Clear host cache’

Next, go to: brave://net-internals/#sockets and click on both of the following (in succession):

• Close idle sockets
• Flush socket pools

Exit / Quit Brave Browser

Exit / Quit everything else and Restart your computer.

Option B

How to flush DNS cache in Windows OS: ‘https://www.wikihow.com/Flush-DNS’

How to flush DNS cache in Mac OS: In a Terminal.app window, enter at the prompt:

dscacheutil -flushcache

Exit / Quit everything else and Restart your computer.

–

Notes re what are:

DNS cache:

• ‘https://www.lifewire.com/what-is-a-dns-cache-817514’

Socket pool:

With pooling, instead of closing a connection after it is used, we can keep it idle while it waits to handle another request. This saves the resources required to create a new connection.

• Ref. : ‘https://betterprogramming.pub/build-a-tcp-connection-pool-from-scratch-with-go-d7747023fe14’

–

@fanboynz
Yes, there is no problem (see below).

@289wk
Thanks for the answer.
Sorry it wasn’t clear. There is no problem when browsing “zalando.fr”. The error occurs on the “login” page (“accounts.zalando.com”), after filling login information and clicking on “Login” (only with Brave, not with other browers):

Capture d’écran 2022-07-16 1836111199×493 23.1 KB

I tried everything you wrote, but unfortunately there is still the same problem.

Regards

@Deaudouce

There is a website where I sometimes Sign In successfully. On the occasion of each success, I write down the various Brave Browser > Settings. Usually, an adjustment to the ‘Trackers & Ads’ and/or ‘Fingerprinting’, . . . and a lot of attempts to connect, ‘just kind of, sort of, stumbles to a success’.

Then, trying again, moments later, may succeed, or fail. Failures are noted by the website; roughly or simply:

• ‘Oops’ (99.9% of the time)
• ‘Unrecognized username and password’ (if using Safari on iPhone)

I can see in some of the NoScript (using Firefox) settings, that the troublesome website wants to know a lot about the connecting computing device/software. The website has a particular issue with wanting to get feedback re WebGL (that I usually have disabled).

I did, once, enable WebGL, but that did not satisfy the troublesome website.

Watching / monitoring the communications via Developer Tools, I can see that the pacing of Request < > Reply events, being monitored by the website, is probably the focal point of failure.

If I just happen to catch the window of opportunity, then there is a successful Sign In. Takes about 30 minutes, to make such a catch.

Looks like CitiBank is somewhat the same:

‘Citibank online freezes for a few seconds - #3 by event3horizon’

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.