←back to thread

Using Cloudflare on your website could be blocking RSS users

(openrss.org)
556 points campuscodi | 1 comments | 16 Oct 24 22:46 UTC | HN request time: 0s | source
Show context
jgrahamc ◴[17 Oct 24 08:00 UTC] No.41867399[source]
My email is jgc@cloudflare.com. I'd like to hear from the owners of RSS readers directly on what they are experiencing. Going to ask team to take a closer look.
replies(7): >>41867476 #>>41867836 #>>41868190 #>>41868888 #>>41869258 #>>41869657 #>>41876633 #
kalib_tweli ◴[17 Oct 24 09:24 UTC] No.41867836[source]
There are email obfuscation and managed challenge script tags being injected into the RSS feed.

You simply shouldn't have any challenges whatsoever on an RSS feed. They're literally meant to be read by a machine.

replies(2): >>41868120 #>>41874073 #
kalib_tweli ◴[17 Oct 24 10:14 UTC] No.41868120[source]
I confirmed that if you explicitly set the Content-Type response header to application/rss+xml it seems to work with Cloudflare Proxy enabled.

The issue here is that Cloudflare's content type check is naive. And the fact that CF is checking the content-type header directly needs to be made more explicit OR they need to do a file type check.

replies(1): >>41868798 #
londons_explore ◴[17 Oct 24 11:58 UTC] No.41868798[source]
I wonder if popular software for generating RSS feeds might not be setting the correct content-type header? Maybe this whole issue could be mostly-fixed by a few github PR's...
replies(4): >>41869066 #>>41869112 #>>41869113 #>>41877322 #
onli ◴[17 Oct 24 12:41 UTC] No.41869113{3}[source]
Correct might be debatable here as well. My blog for example sets Content-Type to text/xml, which is not exactly wrong for an RSS feed (after all, it is text and XML) and IIRC was the default back then.

There were compatibility issues with other type headers, at least in the past.

replies(1): >>41869959 #
johneth ◴[17 Oct 24 14:23 UTC] No.41869959{4}[source]
I think the current correct content types are:

'application/rss+xml' (for RSS)

'application/atom+xml' (for Atom)

replies(2): >>41870071 #>>41873080 #
1. londons_explore ◴[17 Oct 24 14:34 UTC] No.41870071{5}[source]
Sounds like a kind samaritan could write a scanner to find as many RSS feeds as possible which look like RSS/Atom and don't have these content types, then go and patch the hosting software those feeds use to have the correct content types, or ask the webmasters to fix it if they're home-made sites.

As soon as a majority of sites use the correct types, clients can start requiring it for newly added feeds, which in turn will make webmasters make it right if they want their feed to work.