How can I block Polyfill [.] io from loading a request

What is the name of the domain?

https://www.catering24.co.uk/

What is the issue you’re encountering

I’ve been sent a security alert from google ads saying there is an issue with polyfill.io and ads will be disapproved if not resolved. Is there a way of cloudflare blockin polyfill request from loading on my site in a short term fix whilst i wait for developers to wake up tomorrow?

What steps have you taken to resolve the issue?

This is the full request:

https://polyfill.io/v3/polyfill.min.js?features=default%2CArray.prototype.includes%2CPromise

What is the current SSL/TLS setting?

Full

1 Like

We got the same issue, and it was coming from Algolia. Upgrading to their latest version resolved the issue for us.

2 Likes

Hello @josh100
What version of algolia are you using?
We are running magento 2 and our version shows to be v3.13.4
On Magento marketplace this is the latest but still polyfill.io is coming up

We’ve just taken the latest version available, according to Algolia, it was resolved in this build: Release 3.13.2 · algolia/algoliasearch-magento-2 · GitHub

Go here, https://dash.cloudflare.com/?to=/:account/:zone/security/settings and enable this if it is not already

4 Likes

@cloonan amazing thank you. This worked great for me.

I assume cloudflare have just implemented this since the polyfill [.] io security alerts?

Is this a long term fix or do I still need to edit the site directly?

2 Likes

Hi, Page Shield PM here. Yes we have released this feature just now in responding to the latest polyfill compromises. You can read more in details at Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet.

Besides, Page Shield Monitor which helps achieve visibility into such compromises are included in all paid plans.

5 Likes

@zhiyuan to you and everyone at Cloudflare thank you for intervening so fast. I think I can say this on behalf of all cloudflare users it’s greatly appreciated.

Top work!

:pinched_fingers:

4 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.