axsuul
Unable to set the cookies
Hi Configured my rails application in controller with following: reverse_proxy api_path, verify_ssl: true, headers: { 'X-API-Key' => mykey }, cookies: cookies do |config| config.on_missing do |code, response| puts "Body:#{response.body.to_s} Code:#{code} cookies:#{cookies}" end end When I am calling API through Postman with same credentials it is showing results, but when I called same API through my rails application it is showing following:
403 Forbidden
Hey, 3 years later... but did you manage to solve this CloudFlare 403 issue? If you can remember, I'd appreciate it if you could let me know how you did it! Cheers!
@rikkipitt I too was getting a 403 forbidden error from Cloudflare:
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
I fixed it by setting the host header to nil when calling reverse_proxy.
(Additional detail: the host header for the request to my reverse-proxy action was the URL of my main app server (in development, localhost:3000), and I guess that then causes problems when that header is forwarded along to the reverse proxy server. When I set the host header to nil, instead of forwarding the host header from the request to my main app server, the host header for the reverse proxy request gets set to the host of my reverse proxy server (in my example, my blog server), and in my case this causes Cloudflare to stop returning a 403.)
Here's the essence of how I did it (the key part being headers: { 'host' => nil }):
class BlogController < ApplicationController
include ReverseProxy::Controller
def index
reverse_proxy(ENV.fetch('BLOG_URL'), headers: { 'host' => nil })
end
end
