as @omnaidu stated, it comming from your origin host / server.
When I do curl -I -XPOST https://projectbeta.xyz/wp-json/litespeed/v1/token, it return me this:
Normally, I am an visitor - and not logged-in user, so I could expect this at least from my point of understanding:
HTTP/2 401
date: Fri, 03 Dec 2021 23:09:08 GMT
content-type: application/json; charset=UTF-8
x-robots-tag: noindex
link: <https://projectbeta.xyz/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-litespeed-tag: fc6_HTTP.401
x-litespeed-cache-control: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUqtWErMnU8jN3zzHpdO2YmzCNGhvdh9zV0Jn8uBiNbketcAsSJhWvuQRMiVZItCg2otk%2BK09KDXCqpYMv4Rnue%2B2hGSsZJy9U707PfinvGOeb3U53yV1BlaJyyE2iSiiWw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b8075ecbb025cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
So, hm… at the end, does it mean it works only when you temporary enable the Development Mode at Cloudflare, or temporary enable the Pause Cloudflare for this site option, or even temporary switch from
to
?
Before doing this, may I ask you to check if you see some events in Firewall Events log at Cloudflare dashboard for your domain name?
Have you tried writing a ticket to https://quic.cloud/support/?
There seems to be issues as well for other users:
@user297 and @sachinnanayakkara.7 , in terms of this:
the issue here is Cloudflare proxy that alters the incoming IP so make it fail to authenticate
May I ask have you implemented as follows below to return the IP visitor on your origin host / server? (already mentioned in my first post at this topic):
Therefore, https://projectbeta.xyz/wp-json/litespeed/v1/ brings up endpoints at least.