Hi, I’ve been running into a bizarre issue for the past week.
Basically, I have an Access Application with an Allowed Emails policy that holds a single Access Group. I cannot add a new Access Group to that policy, I cannot create a new Policy. Basically I can’t do anything to this Application.
Doesn’t matter which way I try to get around this, I get the same error.
Error configuring your application: access.api.error.invalid_request: include field should not be empty
Having the same problem and I’m starting to get extremely frustrated. The include field is obviosly not empty, and even checking the http request is shows that the emails are being sent to the application. WTF?
Also cannot create or alter any access groups at all, creating a new group does not work, editing an old group does not work, we’re dead in the water because of this issue
I cannot reproduce this when trying to add a group to an existing policy or new policy and I can create Access Groups OK. Can you provide steps to reproduce if you are still experiencing issues?
I can create any access group with any includes, but when I check off 'Set as my Default Group" I get this error. If I try to edit the Default Access group that already exists, I get this error. This has been going on for about a week now, we cannot fix it. Starting from scratch also did not resolve this, it just made our problem worse since we can’t do anything with our default groups and now we cannot use the platform at all.
So after playing with this for a while it looks like it happens most frequently when trying to set an Access Group as default, or editing the default Access Group, basically cannot edit an existing access group or create a new one and set it as default without this error being thrown.
Does anyone have any solutions to this, has anyone else had this issue? We’re still unable to make any changes to the default access group for what I strongly suspect is a bug. What recourse do we have available to us for support on this?
I’m trying to setup a group policy to only allow people in my GitHub team in an Organization to access certain services (such as ssh to prod server), but whenever I’m trying to change to allow only a team out of organisation (currently all members of org have access), I get this error: access.api.error.invalid_request: include field should not be empty
I get this as soon as I add the team to field, if I remove it it still doesn’t work, ultimately I have to create a new group policy with access to all people in org, change in each application and remove the old group policy to make Cloudflare Access work again
Also, when I click on the group policy, it drops down shows this:
Include
Unknown Type: gthub-org-username,
If I don’t delete the old policy and open it to edit, it shows: There is an error with one or more of your rules. Check your group configuration and try again.
This is shown regardless of team being added or not to policy.
Thanks for the extra details @kyle24, I am unfortunately still unable to reproduce the issue when creating a group and setting it as the default or when trying to use that in a rule.
I have escalated this thread to see if Support can figure this out as I can’t replicate it at all.
Cloudflare have received multiple other reports of this error and Support can also reproduce it. There is an internal escalation to address this and they will update here once it is resolved.
I am having the same issue, but I found a workaround:
1 - Disable the access group as default
2 - Make whichever changes to the access group
3 - Save
4 - Enable the access group as default
Unfortunately that workaround doesn’t work for us, we’re unable to set any other access group as the default, we will get this error message. Config of the access group doesn’t matter, it always fails with the same error message.
Hopefully there is resolution soon, we’re still down.
