jsperf.com icon indicating copy to clipboard operation
jsperf.com copied to clipboard

Published 20 hours ago verified publisher icon jsperf

CloudFlare blocks request to simple test with no external resources

Open ineeee opened this issue 4 years ago • 6 comments

CloudFlare is blocking access to adding a very simple test case. When trying to submit the test, a screen similar to LuKks on https://github.com/jsperf/jsperf.com/issues/518#issuecomment-552064381 is shown.

I opened this issue after searching reading existing issues because this one is not related to jQuery (#518, #522) or any external scripts, and i'm not using concat (#68, #345) and striked me as odd since the setup is so simple. Additionally, this test only includes "core javascript" and no libraries or frameworks, contradicting this comment.

Quoting asilluron, from https://github.com/jsperf/jsperf.com/issues/518#issuecomment-570938579:

JSPerf was created to test core JS Performance.

I'm certain substring and split have been part of javascript for at least 20+ years. One could argue const is an issue, but according to mathiasbynens on issue 345,

ES2015 is definitely allowed.

Other comment on #519 argues that its out of jsperf's control because blocking scripts is working as intended, but as previously stated I don't have any.

The CloudFlare screen says to tell the site owner what I was doing and the "Ray ID": 56e3fd578d4580ce

Steps to reproduce

  • Title: two comma separated values: split vs substring
  • Define setup: const str = 'foo,bar';
  • Code titles are substring and split respectively.

First code snippet:

var first = str.substring(0, str.indexOf(',')),
    second = str.substring(str.indexOf(',') + 1);

Second code snippet:

var temp = str.split(','),
    first = temp[0],
    second = temp[1];

Environment

I run Chromium 75 on Windows. I don't have any browser extensions (yes, not even adblocker). My ip isn't hated by CloudFlare either, I can interact with other cf sites just fine.

ineeee avatar Mar 03 '20 14:03 ineeee

changing the setup variable name to jklfjdslkfj fixed it: https://jsperf.com/two-comma-separated-values-split-vs-substring

what the hell man, cloudflare is stupid

ineeee avatar Mar 03 '20 14:03 ineeee

Just to confirm, you changed str to jklfjdslkfj ?

asilluron avatar Mar 03 '20 15:03 asilluron

Yes (well, close). I changed str to jfdlksj and successfully submitted:

screenshot

I replaced all instances of str with jfdlksj in the setup, test case 1 and test case 2, and successfully bypassed CloudFlare's block.

ineeee avatar Mar 03 '20 15:03 ineeee

I have been blocked as well.

Preparation Code:

<script>
  function createRandomString() {
    const text = "";
    const possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    for (let i = 0; i < 5; i++) {
      text += possible.charAt(Math.floor(Math.random() * possible.length));
    }

    return text;
  }

  Benchmark.prototype.setup = function () {
    const emptyMap = new Map();
    const emptyObj = {};
    const map = new Map();
    const obj = {};
    const predefinedKey = createRandomString();
    const predefinedVal = createRandomString();

    for (let i = 0; i < 1000; i++) {
      const key = createRandomString();
      const val = createRandomString();

      map.set(key, val);
      obj[key] = val;
    }
  };
</script>

Code snippet 1:

emptyMap.set(predefinedKey, predefinedVal);

Code snippet 2:

emptyObj[predefinedKey] = predefinedVal;

Code snippet 3:

for (let key of map.keys()) {
  const val = map.get(key);
}

Code snippet 4:

for (let key of Object.keys(obj)) {
  const val = obj[key];
}

rstaib avatar Jun 05 '20 10:06 rstaib

I have just been blocked trying to create a benchmark with the following code:

Preparation code:

<script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.15/lodash.core.min.js"></script>
<script>
// from: https://stackoverflow.com/a/43044212/613198
_.insertSorted = (a, v) => a.splice(_.sortedIndex(a, v), 0, v);
_.insertSortedBy = (a, v, i) => a.splice(_.sortedIndexBy(a, v, i), 0, v);
</script>

Setup for all tests:

let inputArray = [
  {
    "id": "06BCCC25",
    "displayName":"Application"
  },
  {
    "id": "39F886D9", 
    "displayName":"Communication"
  },
  {
    "id": "22EA4ED5",
     "displayName":"Device"
  },
  {
    "id": "2F6E5FEA",
     "displayName":"Service"
  },
  {
    "id": "317BF72C", "displayName":"Service02"
  }
];

let newValue = {
    "id": "07BSSC25",
    "displayName":"Mail"
};

I've been using jsPerf for many years and it would be a pity if I had to look around for an alternative. I don't think using Cloudflare can really work for this sort of project because I believe it is blocking me because I enter JavaScript in text fields and it thinks I'm trying to make a XSS or similar attack. In fact I will have to stop using jsPerl until it is resolved, because even if some people here suggested changing variable names to fool the Cloudflare's attack detection, I don't want to be flagged by Cloudflare as someone who attacks websites.

I would suggest checking what CDN or DDoS protection, if any, is used by:

  • JSBin
  • jsFiddle
  • CodePen

because this has never happened to me on those websites.

rsp avatar Jul 01 '20 15:07 rsp

I was also blocked doing nothing out of the ordinary. Just loading jquery and fomantic-ui.

dlynchcodes avatar Aug 07 '20 16:08 dlynchcodes