Detect Cloudflare WAF block pages and show a helpful error message in stead of "Received a malformed response from the API"#13574
Open
dario-piotrowicz wants to merge 1 commit intomainfrom
Conversation
🦋 Changeset detectedLatest commit: e916798 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
![ask-bonk[bot]](https://avatars.githubusercontent.com/in/2454580?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Contributor
Changeset ReviewFile Reviewed:
|
| Criterion | Status | Notes |
|---|---|---|
| Version Type | ✅ | patch is appropriate for this bug fix (improving error message clarity) |
| Changelog Quality | ✅ | Clear description of the problem (confusing "malformed response" error) and solution (helpful WAF block detection with Ray ID) |
| Markdown Headers | ✅ | No h1/h2/h3 headers found |
| Analytics | ✅ | No analytics collection mentioned |
| Dependabot | ✅ | Not a dependabot changeset |
| Experimental Features | ✅ | Not an experimental feature |
✅ All changesets look good
create-cloudflare
@cloudflare/kv-asset-handler
miniflare
@cloudflare/pages-shared
@cloudflare/unenv-preset
@cloudflare/vite-plugin
@cloudflare/vitest-pool-workers
@cloudflare/workers-editor-shared
wrangler
commit: |
dario-piotrowicz
force-pushed
the
dario/13312/malformed-response-block-page
branch
2 times, most recently
from
5fb9af9 to
5fdb36a
Compare
…stead of "Received a malformed response from the API"
dario-piotrowicz
force-pushed
the
dario/13312/malformed-response-block-page
branch
from
5fdb36a to
e916798
Compare
workers-devprod
requested review from
a team and
penalosa
and removed request for
a team
Contributor
|
Codeowners approval required for this PR:
Show detailed file reviewers
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
WalshyDev
reviewed
Apr 17, 2026
| * @param body - The raw response body text to check. | ||
| * @returns `true` if the body appears to be a Cloudflare WAF block page. | ||
| */ | ||
| export function isWAFBlockResponse(body: string): boolean { |
Member
There was a problem hiding this comment.
WalshyDev
reviewed
Apr 17, 2026
| * @param html - The HTML body of a WAF block page. | ||
| * @returns The Ray ID hex string, or `undefined` if not found. | ||
| */ | ||
| export function extractWAFBlockRayId(html: string): string | undefined { |
Member
There was a problem hiding this comment.
i'd just pull from headers, body is fragile
Member
|
also for any and all html instead of json it'd be good to get a ray id even aside WAF, we can always use that to dig into logs :) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #13312
When the Cloudflare WAF blocks an API request, the response is an HTML page rather than JSON. Previously, this caused a confusing "Received a malformed response from the API" error with a truncated HTML snippet. Wrangler now detects WAF block pages and displays a clear error message explaining that the request was blocked by the firewall, along with the Cloudflare Ray ID (when available) for use in support tickets.
A picture of a cute animal (not mandatory, but encouraged)