Rule not working correctly

Can someone help me with this rule? I am trying to block requests that don't have a header.. is this due to cache orr
No description
No description
19 Replies
Peps
Peps6mo ago
Your rule screenshot omits some info (i.e action) can you send the full screenshot? ah I already see what's happening your rule is correct, but your postman request not
Peps
Peps6mo ago
No description
Peps
Peps6mo ago
notice the green bubble at the Authorization tab? You got something configured over there, which is overriding the authorization header you set. Open that tab and set it to No auth
Peps
Peps6mo ago
At my side I can confirm the WAF rule works fine when doing the correct postman request
No description
No description
soos
soosOP6mo ago
Thank you! that works in postman
fetch(API_URL, {
method: 'GET',
headers: {
'authorization': password,
},
})
fetch(API_URL, {
method: 'GET',
headers: {
'authorization': password,
},
})
soos
soosOP6mo ago
No description
soos
soosOP6mo ago
I can't get it to work with javascript though both snippests error (second one was directly exported from postman)
Peps
Peps6mo ago
idk, works for me
Peps
Peps6mo ago
No description
Peps
Peps6mo ago
getting the expected 404 there This is while being on https://drive-api.soos.dev/ if you want to call it from another (sub)domain, then you're going to need to setup CORS and all that
soos
soosOP6mo ago
What Hm I do have cors tho to *
Peps
Peps6mo ago
Also side-note, I would recommend doing authentication on your API's side, not Cloudflare WAF
soos
soosOP6mo ago
I want to off load everything to cf do you think its better to just do it on the api?
Peps
Peps6mo ago
not from what I see
No description
soos
soosOP6mo ago
can you check again now that I turned off the rule
Peps
Peps6mo ago
you'll need to edit your Cloudflare WAF rule to pass requests with the OPTIONS method for CORS to work
soos
soosOP6mo ago
oh
Peps
Peps6mo ago
and then just make sure your API handles those CORS requests correctly
soos
soosOP6mo ago
yeah if the api is communicating for options anyway it doesn't make sense to have this on cloudflare thank you for the help @Peps
Want results from more Discord servers?
Add your server