[tor-project] Broken U2F token in Tor Browser with latest Gitlab update


Tor Browser disables by default WebAuthn which has been fine with our Gitlab instance so far (but does not work so well with our forum) if you use a token like a Yubikey.

However, this does no longer work with the latest Gitlab update it seems, which we picked up automatically yesterday:

WebAuthn (supported, but disabled by default, since GitLab 13.4) is now enabled by default. Users can now use Touch ID on Apple devices as a second authentication factor, as long as their browser supports it. This also eliminates error messages seen in browsers that are deprecating U2F in favor of WebAuthn.

So, if you have such a token enabled (as I do) and suddenly can't log into our Gitlab anymore you can test your recovery code setup (hehe) and then finally think about flipping the `security.webauth.webauthn` to `true` as you would need to do anyway if you want to log into our forum with your token enabled.

Hope this helps,