Many console errors on your checkout page because key JavaScript and AJAX calls are

What is the name of the domain?

What is the error number?

I am seeing many console errors on your checkout page as key JavaScript and AJAX calls are being blocked by security rules.

What is the error message?

Many console errors on your checkout page because key JavaScript and AJAX calls are blocked by security rules.

What is the issue you’re encountering

Hello,
Following the security issues we are experiencing, can you guide us to resolve this security issue that was reported to us by WooCommerce in the attached comment?

Hi there,

Thanks for reaching back out and sharing those screenshots of the error on your checkout page.

I am seeing many console errors on your checkout page as key JavaScript and AJAX calls are being blocked by security rules.

For example: Full Size: Markup 2024-12-23 at 09.59.52.png - Droplr

I would recommend:
reviewing your Cloudflare security settings, or temporarily disabling it as a test
reviewing your caching plugin settings, or temporarily disabling them as a test

Hello,
Thank you for your help, we will check with Cloudflare.
Sincerely,
Gael

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Hello,
Following the security issues we are experiencing, can you guide us to resolve this security issue that was reported to us by WooCommerce in the attached comment?

Hi there,

Thanks for reaching back out and sharing those screenshots of the error on your checkout page.

I am seeing many console errors on your checkout page as key JavaScript and AJAX calls are being blocked by security rules.

For example: Full Size: Markup 2024-12-23 at 09.59.52.png - Droplr

I would recommend:
reviewing your Cloudflare security settings, or temporarily disabling it as a test
reviewing your caching plugin settings, or temporarily disabling them as a test

Screenshot of the error

Can you see the blocks in your WAF events tab here: https://dash.cloudflare.com/?to=/:account/:zone/security/events ? If so, you can craft a rule to allow those to pass. Put the rule first in your list of WAF rules (if you have others). Create the rule here: https://dash.cloudflare.com/?to=/:account/:zone/security/waf/tools/

May I ask if Rocket Loader is enabled? :thinking:
Try disabling it from Cloudflare dashboard.
Purge Everything from the Cloudflare cache as well.

Allow your WordPress/origin web server IP address by adding it to the IP Access Rules with the “allow” action, as described in the article below:

That’s the CSP header.
May I ask if you’ve added it manually through the Cloudflare, or rather it’s coming from the web server itself, or via some WordPress plugin? :thinking:

Furthermore, I haven’t seen WooCommerce having such inline script encoded like below:

I’d suggest enabling debug and disabling WordPress plugins to see which one is printing this. From there, troubleshoot where the Content Security Policy headers come from; otherwise you’re loading some resources from a sub-domain which isn’t allowed by the Access Policy or CORS.
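To illustrate the sub-domain case raised in the reply above, here is an added example (not part of the original thread, and not Cloudflare or WooCommerce code) that evaluates a Content-Security-Policy header against a script or AJAX URL and reports which directive decided the result. The policy, hostnames and function names are constructed for illustration, and the matching is simplified: nonces, hashes, ports and paths in the policy are ignored.

```javascript
// Simplified CSP source matching for troubleshooting. Handles 'self', *, scheme
// sources (https:) and host sources with an optional scheme and leading "*.".
// Assumption: nonces, hashes, ports and paths in the policy are ignored.

// Constructed sample values, not taken from the thread.
const PAGE = "https://shop.example.com/checkout/";
const POLICY =
  "default-src 'self'; script-src 'self' https://*.example-cdn.com; connect-src 'self'";

// Directive lookup order for each kind of load (first one present wins).
const FALLBACK = {
  script: ["script-src-elem", "script-src", "default-src"],
  xhr: ["connect-src", "default-src"],
};

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function sourceMatches(source, url, page) {
  if (source === "'self'") return url.origin === page.origin;
  if (source === "*") return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source;
  if (source.startsWith("'")) return false; // 'none', nonce or hash: no URL match
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const scheme = m[1] ? m[1] + ":" : page.protocol; // scheme-less: use the page's
  // An http source also matches the https form of the same host.
  if (url.protocol !== scheme && !(scheme === "http:" && url.protocol === "https:")) return false;
  const host = m[2];
  return host.startsWith("*.") ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// Returns which directive decided the load and whether it was allowed.
function checkLoad(header, kind, resourceUrl, pageUrl) {
  const policy = parsePolicy(header);
  const page = new URL(pageUrl);
  const url = new URL(resourceUrl, page); // resolves relative AJAX URLs
  const directive = FALLBACK[kind].find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive };
  const sources = policy.get(directive);
  return { allowed: sources.some((s) => sourceMatches(s, url, page)), directive };
}
```

Paste the header value seen in the browser's network tab as `POLICY` and call `checkLoad` with each blocked URL from the console; a blocked result names the directive that needs the extra source.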

Hello,
Thank you for your help
