cron
CDCloudflare Developers
•Created by cron on 12/11/2024 in #general-help
Possibly a WAF question: Trying to catch cf-mitigated in the client from a POST request
Hi, I have a WAF rule that should be sending back challenges on a POST request given certain conditions. I'm now trying to catch the cf-mitigated header that's being returned from it in the client and read it with JS, kind of like here: https://developers.cloudflare.com/waf/reference/cloudflare-challenges/#detecting-a-challenge-page-response
Looks like cf-mitigated is being returned within the preflight OPTIONS request, which the JS can't access as far as I know (I'm using axios if that's helpful information to have). Is there any strategy or CF tool you'd recommend to maybe transform the response or intercept it so that it could be returned to the client in a way that it would know if a cf-mitigated header was returned?
5 replies