javery
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
Ergh, I'll do some more research. Thanks for the insights @Leo 🙏
8 replies
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
true, but we could put a rate limit as well on that right?
8 replies
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
My hope is that this would be such a common issue across the internet that someone has found a secure solutions.... and blogged about it 😄
8 replies
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
Or because OPTIONS aren't super weighty, allow the OPTIONS requests to bypass the WAF and just limit the POST and GET ?
8 replies
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
I wonder if you could action something based upon a failed preflight request though? If the user has passed the challenge surely any follow up queries on teh OPTIONs would be allowed?
8 replies
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
Are you aware of another way to solve the issue above to allow for challenges against an XHR request to legitimate requests make it through but attacks are stopped?
8 replies
CDCloudflare Developers
•Created by alvessh on 12/26/2024 in #general-help
Request to API behind a challenge managed between different domains
^ I'm looking to do the same thing, but for a website on domain-1.com making requests to an api on domain-02.com
8 replies