Oxygen Builder/Editor gets an invisible Cloudflare Challenge in an iFrame, leading to error 403

I have been getting an error 403 when editing my product template, but only on my production site. When I checked my browser console, I see that Cloudflare is producing a challenge and telling me to turn on cookies … which never makes it to the front end where I can do something about it … and cookies are active anyway. The error comes up when the editor tries to bring in any product to display as a sample in the template. This doesn’t happen on staging sites, because Cloudflare is only attached to the production system.

Is there anything I can do to tell cloudflare not to do this when I am in the editor, or maybe in the (Wordpress) admin? I’ve been working around this bug for over a month. I’d accept any suggestions. Maybe there’s a page rule I can create? I don’t know much about the details of CF. Is it possible there’s something else going on and the challenge is a symptom? Sure, but I’m at a loss. I know the challenge is being deposited into the iFrame which is why it’s not visible, but knowing that doesn’t help me with what to do about it.

Thanks for any help.

You can certainly try adding your home IP address as an Allow in Firewall → Tools.

Maybe looking at Firewall Event Logs will show you what’s triggering the challenge.

We’ve been seeing the same kind of issue. What we’ve done is add bypass rules in two areas:

  1. Add a bypass in Firewall Rules
    URI Query String contains ct_builder OR URI Query String contains action=oxy_render_easy_posts
    Action is to bypass WAF Managed Rules
  2. Add a bypass in Page Rules
    yourdomain/wp-(login|admin)|yourdomain/(ct_builder|action=oxy_render_easy_posts)
    Security Level = High
    Cache Level = Bypass

You may need to add more query string rules depending on what modules you have active on the page. Inspect the chrome dev tools Console and Network tabs to see what’s failing.

1 Like

Thank you, The ‘Allow in Firewall → Tools’ didn’t fix it. I’ll try this new suggestion, and will see if I can narrow down exactly what is triggering the 403 with devtools.

This helped. Thanks!

This topic was automatically closed after 30 days. New replies are no longer allowed.