Confirmed Bug of Cloudflare, Cloudflare is not usable in my case

I believe there is no way to turn off Cloudflare HTTPS and use HTTPS for the website. I will have to move out of Cloudflare for now and may consider coming back once Cloudflare fixes the bug.

Why Cloudflare HTTPS must be disabled:
Because if I don’t, and use Cloudflare’s out-of-the-box HTTPS and its certificate (which is convenient), HTTPS-only secured cookies would bug with my website; nothing would work.

So I have tried both my own Let’s Encrypt certificate and pull origin Cloudflare download certificate on my Ubuntu server using Nginx. The website would work but bug with the iOS back button, given how the mobile Safari back mechanism works (page A to B, B back to A, certain things stop working on A).

If I’m correct, this is because of two HTTPS redirects happening at the same time, one from my server, the other one from Cloudflare, and Safari goes back to the wrong one.

In my case Cloudflare is just not usable.

Your server shouldn’t be redirecting HTTPS to HTTPS - if your server is receiving requests over HTTP then your zone is misconfigured.

Make sure the SSL/TLS mode in the dashboard is Full (Strict), not Flexible.

1 Like
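Added example (not from the thread, and not Cloudflare's or Nginx's code): a toy Python model of the point in the reply above, showing why an origin that redirects HTTP to HTTPS loops when the proxy reaches it over HTTP (Flexible) but not when the proxy uses HTTPS to the origin (Full or Full (Strict)). The origin rule, function names and `example.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def edge_to_origin_scheme(ssl_mode, visitor_scheme):
    """Scheme the proxy uses for the origin connection in each SSL/TLS mode."""
    if ssl_mode == "flexible":
        return "http"             # origin always receives plain HTTP
    if ssl_mode in ("full", "full_strict"):
        # Same scheme as the visitor; strict additionally validates the
        # origin certificate, which this model does not simulate.
        return visitor_scheme
    raise ValueError(f"unknown mode: {ssl_mode}")

def origin_response(scheme, host, path):
    """Hypothetical origin with a blanket 'redirect HTTP to HTTPS' rule."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def trace(url, ssl_mode, max_hops=5):
    """Follow redirects as a browser would; return (hops, verdict)."""
    hops, seen = [], set()
    for _ in range(max_hops):
        if url in seen:
            return hops, "redirect loop"
        seen.add(url)
        parts = urlsplit(url)
        origin_scheme = edge_to_origin_scheme(ssl_mode, parts.scheme)
        status, location = origin_response(origin_scheme, parts.netloc,
                                           parts.path or "/")
        hops.append((url, origin_scheme, status))
        if status != 301:
            return hops, "ok"
        url = location
    return hops, "too many redirects"

if __name__ == "__main__":
    for mode in ("flexible", "full_strict"):
        hops, verdict = trace("https://example.com/", mode)
        print(mode, verdict)
        for visitor_url, origin_scheme, status in hops:
            print(f"  visitor {visitor_url} -> origin over {origin_scheme}: {status}")
```
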

Tried Full (Strict); it causes the iOS back button to bug.

Configuration: Ubuntu and Nginx

Bug description:

In most if not all Safari versions later than iOS 15, the following bug would occur if a website is using only A records instead of NS4.

A user clears the cache, then goes to page A directly, clicks something on page A, then goes to page B, presses the back button to go back to page A, and some HTML elements on page A will no longer work, including but not limited to input boxes and select dropdown menus. However, it works on all Android devices, given how the Android back button differs from recent iOS.

A bug nonetheless. To clarify what I mean by NS4: NS4 is when a DNS zone is created where the Ubuntu server is hosted, places like DigitalOcean or AWS, and then you go to your domain provider and enter those 4 nameserver records. On NS4, no such iOS back button bug would occur.

However, some domain providers only support A records, like Cloudflare, where you create two records, one for WWW, the other for the root domain, and point those A records to the static IP address of the server. Whenever this is the case, the iOS Safari back button bug would occur unless the page is refreshed once using JavaScript. But this does not feel like a fundamental solution, and it is obviously not viable to suggest Apple fix such barely noticeable bugs. Is there a fundamental solution to this?

Is this with proxied (:orange:) records or DNS only (:grey:) records?

I see no reason why DNS would be involved in this bug at all, unless you’re using proxied records on Cloudflare.

Both proxied and DNS only. I also tried it on Namecheap. As long as it is A records only, and not NS4, this bug occurs.

If it’s happening with DNS only then that’ll be an issue with Apple or your website.

Cloudflare isn’t involved beyond supplying RFC-compliant DNS which will be pointing the device directly to your website in the event that your record is DNS only.

I don’t really know what you mean by NS4 either - NS records don’t tell a device which IP to go to for a website, in the end you will be using A/AAAA/CNAME records.

1 Like

I’m hosting the website on AWS. If I create a DNS zone, it comes with 4 name servers. I then go to my domain provider and add those nameserver records. It works perfectly, no bugs. At first I thought it was the Cloudflare proxy that’s causing it, and after trying it on Namecheap, same bugs. I now know it’s not Cloudflare. However, Cloudflare does not support NS4; others like GoDaddy or Namecheap do.

There’s nothing special about having 4 nameservers - your device (or your configured DNS resolver) will only actually speak to one.

As long as you’re using the same record type (A/AAAA/CNAME) and the same record value (i.e. IP or domain name) then there’s no difference in the eyes of DNS - assuming it’s DNS only on Cloudflare.

Going from proxied to DNS only can take some time due to cached records - you’ll want to make sure the device is definitely visiting the DNS only version.

If you’re experiencing differences at that point, that sounds like an issue with the device.

1 Like

@SUPERDADDY, this is thread #4, if you open others, they will be closed as spam.

1 Like

That’s simply not possible. The number of nameservers has absolutely nothing to do with how your browser interacts with a website.

It sounds like you have a working solution for yourself though, so best of luck in your future endeavors.

3 Likes
