When I add javascript code to menu widget using CustomHTML block it just spins and looks like the JS is being blocked
What steps have you taken to resolve the issue?
I setup a staging server with the exact same website code that does NOT go through Cloudflare. Code updated correctly and works perfectly. Can’t find how I can add an exception in WAF to allow this to work
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
you need admin rights… go to appearance then themes then customize the theme. Goto RightSideBar and add new code by selecting customHTML
You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Managed Rules my best guess, otherwise Bot Fight Mode or Browser Integrity Check.
Yes I am still having this issue. Thanks for the tips and I’ll take a look and see if I can find it. I do believe it is one of the rules in the Managed Rules set because if I disable those rules it starts working. The question is what exclusion rule do I create so that the “rule” doesn’t activate for this JavaScript.
You’d have to catch the challenged or blocked request in the Security tab → Events.
You can use “Filter” and select “URI Path” then “contains” then “path-where-you-test” to find them. Once found, click on the particular one for more details and it should show you the Ruleset and Rule ID → this is what you need.
May I ask if you’re using Free or Paid plan type for your zone?
Thanks again for your help! I am using the paid plan. Also there isn’t a specific URI for this error since this is a JS that loads a widget on every page on the website…
