556 points campuscodi | 1 comments
jgrahamc No.41867399
My email is jgc@cloudflare.com. I'd like to hear from the owners of RSS readers directly on what they are experiencing. Going to ask team to take a closer look.
kalib_tweli No.41867836
There are email obfuscation and managed challenge script tags being injected into the RSS feed.

You simply shouldn't have any challenges whatsoever on an RSS feed. They're literally meant to be read by a machine.

1. o11c No.41874073
Even outside of RSS, the injected scripts often make internet security significantly worse.

Since the user-agent has no way to distinguish scripts injected by Cloudflare from scripts originating from the actual website, in order to pass the challenge they are forced to execute arbitrary code from an untrusted party. And malicious JavaScript is practically ubiquitous on the general internet.