Cannot Post error on first visit. Works on second visit

Sorry, I’m new to this stuff. I have a website called Lanternfall.com. On the first visit, it will check the browser and then go into a cannot post error. On the second visit, it works fine. This issue does not always happen sometimes it will work first try.

We are using node.js and express

1 Like

It looks like you have an admirably tight CSP that’s thwarted by what looks like a Cloudflare Challenge you’ve set up on your site.

1 Like

Do you know what I can do about this? I haven’t set a CSP header in my server.js since I don’t know if it’s needed. If so what would it look like to include the Cloudflare challenge?

Someone has set a very restrictive CSP header somewhere. Dev Tools for that page should show you the headers, and I expect them to reveal the CSP header as well.

1 Like

Due to the CSP header, could you re-check and search for possible setHeader("Content-Security-Policy" in your code?

Or, at elast, could below help a bit?:

app.use(helmet.contentSecurityPolicy());

// This disables the `contentSecurityPolicy` middleware but keeps the rest.
app.use(
  helmet({
    contentSecurityPolicy: false,
  })
);

At NodeJS, kindly try to search there too for like:

response.writeHead(200, {
          "Content-Security-Policy": "default-src 'self'"
           // other security headers here...
      });

But, again, seems to me it’s not the Cloudflare as @sdayman already pointed out.

1 Like

If you can’t fix the header issue at the origin, you may have to turn off that Challenge until you can track down where the header is coming from. You could try using Cloudflare Workers to override your CSP. The “sanitiseHeader” feature might be the way to replace your CSP:

1 Like

I eventually figured out the issue. Disabling Under Attack Mode fixed the issue.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.