Answer these questions to help the Community help you with Security questions.
Have you searched for an answer?
Yes.
Please share your search results url:
What? Discourse doesn’t produce URLs for searches.
When you tested your domain using the Cloudflare Diagnostic Center, what were the results?
I do not own the domain. I am merely a user of the site.
Describe the issue you are having:
I am attempting to access SteamDB and search for a game. The challenge feature is not working, because Safari 17’s CSRF handling is disallowing the frame from accessing the main site.
What error message or number are you receiving?
From the console in Safari:
[Error] Blocked a frame with origin “https://challenges.cloudflare.com” from accessing a frame with origin “https://steamdb.info”. Protocols, domains, and ports must match.
What steps have you taken to resolve the issue?
I can’t do anything. Either Safari is in the wrong, or Cloudflare is now perpetually broken because it does something wrong.
Was the site working with SSL prior to adding it to Cloudflare?
This is not applicable.
What are the steps to reproduce the error:
- Load https://steamdb.info in Safari 17 on macOS Sonoma developer beta
- Search for a game
- Be unable to use the site.
Have you tried from another browser and/or incognito mode?
I’m sure it works perfectly fine in any other browser, because they’re not as restrictive about security.
Please attach a screenshot of the error:
