Hello!
Tor Browser disables by default WebAuthn which has been fine with our
Gitlab instance so far (but does not work so well with our forum) if you
use a token like a Yubikey.
However, this does no longer work with the latest Gitlab update it
seems, which we picked up automatically yesterday:
"""
WebAuthn (supported, but disabled by default, since GitLab 13.4) is now
enabled by default. Users can now use Touch ID on Apple devices as a
second authentication factor, as long as their browser supports it. This
also eliminates error messages seen in browsers that are deprecating U2F
in favor of WebAuthn.
"""
So, if you have such a token enabled (as I do) and suddenly can't log
into our Gitlab anymore you can test your recovery code setup (hehe) and
then finally think about flipping the `security.webauth.webauthn` to
`true` as you would need to do anyway if you want to log into our forum
with your token enabled.
Hope this helps,
Georg