On my home network at the moment any and all shopify sites, including the admin dashboard of my own Shopify store is causing an infinite loop of cf captcha verification.
I see many folks on the internet/reddit thread complaining of this. It really seems like a bug on CF side! I am unable to do my job right now because of this. I’ve tried clearing cache, cookies, using three different browsers, and restarting my router… Nothing is working and on all shopify stores and admin dashboard I am infinite loop of the verification captcha. Please fix or provide help CF!
Can you share the name of a site in order to replicate this? And, as this is consistently failing, it may be work checking your system for malware, disable any ad blockers or other browser extenstions, trying incognito mode, and/or trying from a mobile device.
One site that consistently fails for me is https://midlandusa.com. It seems to be home IP addresses that are being blocked – did you all implement some change to your reputation system that’s penalizing dynamic IP addresses?
Hey cloonan - any shopify site does this for me a couple examples I have tested are: parkwaymusic.com and steezbrand.com
steez brand is mine, and I also cannot currently access my steez myshopify admin account. I have tried clearing my cache, cookies also going incog. I have no reason to believe I have any malware and I ran a quick test to see if my IP has a bed reputation, it came back perfectly clean.
This is clearly a problem for many users and I believe it to be a bug on CF’s side that is not being fixed. Here are a bunch of threads of other people having the same problem if you google ‘cloudflare verification infinite loop’
I am dead in the water when it comes to accessing Shopify at the moment which is quite hindering as it is my job to do so.
It may be, but the only reports we’re seeing are you @justinhenricks & @brett.warden. If the issue were widespread we’d see a lot of tickets and a lot more posts here.
I’ve been experiencing this exact issue on all Shopify websites. I’m just a consumer, I don’t run a website that uses Cloudflare, but I signed up just to echo this is happening to many people. I’ve tried multiple browsers on 3 devices with the same results. If I use my cell phone as a hotspot, I can access Shopify sites without issue, but as soon as I move to my WiFi, I am stuck in the loop described above. It feels like there is a larger issue with Cloudflare that has not been identified or addressed.
It works from my mobile device if I go on my mobile network and not from my home wifi.
I’m having a hard time understanding any situation ever where it would be understood as not a bug when I (a human) click the I am a human box and it infinitely loops in a very glitchy way.
I click I am a human captcha’s all over the web and get through them. This never-ending loop has got to be a bug of some sort.
In my js console I am seeing this error:
v1:1 Request for the Private Access Token challenge. [challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7fe7b3c97a1b10e5:1](http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7fe7b3c97a1b10e5:1) [challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7fe7b3c97a1b10e5:1](http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7fe7b3c97a1b10e5:1) console.clear() was prevented due to 'Preserve log' [Cloudflare Turnstile] Cannot find Widget cf-chl-widget-xv0gl, consider using turnstile.remove() to clean up a widget..
Error with Permissions-Policy header: Origin trial controlled feature not enabled: ‘interest-cohort’.
Some IP addresses are suddenly being targeted for CAPTCHA verification when Turnstile was previously letting them through without even the brief interstitial page.
At least for these cases, the verification is looping continously, perhaps due to a bug that wasn’t evident until 1. above happened.
I have a wild speculation that you’re not hearing much about this yet because most people don’t know how to dig down to engage Cloudflare about this directly, particularly since you’re two degrees removed from the websites people are actually trying to reach (seller->Shopify->Cloudflare); I’ve been trying to get the attention of Shopify and individual shopkeepers with limited success so far.
I have a hypothesis that my home IP address having a PTR DNS record that doesn’t have a corresponding A record is tripping a new/recent rule change (this was used as a rudimentary security check in IRC networks for a long time). I’m a sample size of 1, though, so it would take additional data to prove/disprove this.
Yeah - this seems pretty wild. I truly don’t understand why Shopify support and CF are seemingly not taking this more seriously. I just went to a store I frequent to shop and I literally can’t access the site.
I don’t know if this helps or complicates things, but another site I frequently visit (Discogs) landed on a similar “Your connection needs to be verified before you can proceed” landing page with a CF verification the same as Shopify, which I’ve never seen before, but it worked as I’d expect it to and the page loaded normally afterwards. I am still unable to access any Shopify stores, but the fact that I got a CF verification on a site that normally lets me through no problem makes me think that the issue is on CF’s side.
Im having the same exact problem and message when i try accessing various shopify sites the past couple days. @cloonan The reason Cloudflare isnt hearing much about it yet is because nobody wants to take the time to track down how to contact someone and report it. I didnt even want to, i had to make an account too (ugh). Theres several reddit threads going on about it on both shopify and Cloudflare’s reddit pages. This is happening to a lot of people and needs to be fixed asap.
This seems to just started working for me and many folks - for the record - were there any confirmed issues CF side that were causing this that have been rectified?
We are looking at this with our engineering team proactively, but in the meantime it would be helpful if we could get a HAR file and JS console log with reproduction on any of the affected URLs. Thank you!