"Run in Val Town" button can trigger Cloudflare's protection

[andreterron]

Example: http://localhost:4322/integrations/github/github-users-stars-pagination/#email-yourself-when-you-get-a-comment-reaction

This is only triggered by a few code snippets. My hypothesis is that some keywords like Bearer could be triggering them.

This is what the page looks like:

One option we have is to turn code editors into a form, and do a POST navigation to that page. Alternatively, we link to vals that can be forked. But that would defeat the purpose of keeping the val's code managed in git.

[tmcw]

The clean solution to this is that we disable Cloudflare's WAF. There are threads about this, https://community.cloudflare.com/t/disable-waf-on-domain-and-subdomain/384737 - basically we want Cloudflare's proxing but not the WAF, and it'd be a bummer to have to work around an anti-feature.