@marcus I think that shouldn't be a bug of your Halcyon instance.I tried logging in with my private account and everything worked fine.If there's a connection problem between Halcyon and Pleroma,it won't let you login at all.I think your adblocker plugins could block the connections to your Pleroma instance.Login works through Halcyon but all requests after that are directly from the browser to Pleroma which could be detected wrong as thirdparty tracker.
@marcus Mastodon sets a session cookie (which counts as third party because Halcyon is on another subdomain) but I'm not sure if Pleroma has this session cookie,too.If that gets blocked,that doesn't matter anyway because Halcyon gets a OAuth Token at login which is used to authenticate you at Pleroma so that the session cookie is ignored here.
@marcus Oh sorry,I just noticed that I've completely forgotten this message.The problem seems to come from your Pleroma instance.Please edit your nginx.conf and remove the Access-Control headers from it.They've been set by Pleroma itself for a few months and if these headers are duplicated (one time from Pleroma and one time from nginx),that will cause bugs with clients on third-party domains (other subdomains are enough for the bug to appear).
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!