Seems like this monday stricter security measures are being enforced on map content uploaded via the old API. Does anyone know exactly what the criteria that is being picked out? I’ve found some longer iframe links to aws lambdas are being rejected.
Please enable cookies.
Sorry, you have been blocked
You are unable to access gather.town
Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
What can I do to resolve this?
You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.
Cloudflare Ray ID: 6d9d8055cfe386a8 • Your IP: 18.104.22.168 • Performance & security
ah shoot sorry will get this looked at asap – can you give an example url too please?
We have already replaced this kind of url with one that, apparently, looks less dangerous. So there isn’t any hurry to fix this on our end. (We had spaces to ship last night.) I will send you an example url shortly. Cheers!
ah ok great glad there was a workaround. sorry about that. significantly down-weighting the urgency then, want to see if anyone else runs into this or it’s safe to leave the blanket security precaution in place
Just wanted to formally reply with what the answer is: we installed a WAF lately that could be raising false positives especially with the HTTP API & setMap. When you encounter them, please let me know & I will forward it to our infrastructure team to look at it- like you said, you can usually change the link around a bit, but there’s nothing inherent to the API that we’ve done as far as I’m aware.
If you want to avoid this problem, I believe this won’t be an issue in the websocket API, as far as I can tell. Please let me know if you trigger WAF with the WS API. Thanks!