MrSteel
CDCloudflare Developers
•Created by MrSteel on 10/28/2024 in #general-help
CF Beacon XSS & Caching
Hi!
If I assumed correctly
https://static.cloudflareinsights.com/beacon.min.js/ is added for analytics when I enable Web Page Analytics.
For my website I enabled the Cloudflare standard Security Ruleset which includes the XSS protections. But in the console I now see:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/XYZ. (Reason: CORS request did not succeed). Status code: (null).
At the same time, when I do Lighthouse analytics it suggests: Serve static assets with an efficient cache policy for the beacon specifically.
How do I square this circle, what are the best practices for this beacon?
(My apologies if this is the wrong forum, could not decide between General and Pages)2 replies
CDCloudflare Developers
•Created by MrSteel on 10/27/2024 in #general-help
[Seeking Opinion] WAF Rule blocking php
Hi!
My website is in Astro so has nothing to do with any .php. When I look at my cache analytics I saw all these bots trying to access all kinds of .php endpoints.
So I added a WAF rule to block all .php requests. Is this a good idea? Are there better ways to do or what is standard practice?
Many thanks! Feel free to opinionate 🙂
4 replies
CDCloudflare Developers
•Created by MrSteel on 10/26/2024 in #pages-help
Astro + Functions
Hello!
I have an Astro project deployed on Cloudflare pages. I deploy it using GitLab CI which does the Wrangler CLI command. wrangler pages deploy .../dist/ --project-name ... --branch main´
My main goal is to keep the Astro static, and therefore have an API call within a contact page go to Functions.
I keep failing miserably and since I have no insight to what is working in the background cannot debug it properly. I roughly followed this Tutorial
My setup builds the Astro project into the dist/ folder, I then move my functions/ folder with the js scripts in there, followed by the Wrangler command.
Is my mistake there?
In my page I have a script part, which does:
const response = await fetch('/api/submit-form', {
method: 'POST',
...
And the functions folder has a functions/api/submit-form.js
So far all I get is 405 from both the page and a direct postman call. Not sure if this is maybe some cross origin issues or if I even reach this function at all.
Relevant test page: https://staging.personal-website-staging.pages.dev/contact/
Thanks for your help!
2 replies
CDCloudflare Developers
•Created by MrSteel on 6/27/2024 in #pages-help
GitLab Pages not working properly, getting 301 loops
Hi! I know this is about Cloudflare Pages, but I cannot get any location where to even ask my question.
I followed and repeated the guide on GitLab Pages about 5 times now.
https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/#for-both-root-and-subdomains
It works for 15 minutes. And then the page starts going into 301 redirect loops, images stop working and eventually its unreachable.
If you have any advice where to turn to please also tell me.
14 replies