CD
Cloudflare Developersā€¢3mo ago
Waleed

šŸšØ Help: Worker causing JS Challenge loop, (UPDATE: trying a workaround)

Problem: Worker triggers endless JS challenges on product pages, even without query params. Goal: Set tracking cookies for UTM parameters (ttclid, gclid, etc.) Tried: āœ… Bypassing /cdn-cgi/, āœ… 200-only intercepts, āœ… Client-side cookies, āŒ Still loops Current Worker Code: 
export default {
  async fetch(request, env, ctx) {
    const url = new URL(request.url);
    
    // Skip CF challenge endpoints
    if (url.pathname.startsWith("/cdn-cgi/") || url.searchParams.has("cf_chl_")) {
      return fetch(request);
    }
    
    // PROBLEMATIC: Landing page tracking
    if (request.method === "GET" && url.searchParams.has("ttclid")) {
      const response = await fetch(request);
      if (response.status === 200 && response.headers.get("content-type")?.includes("text/html")) {
        const html = await response.text();
        const modified = html.replace("</head>", `<script>/* cookie logic */</script></head>`);
        return new Response(modified, { status: response.status, headers: response.headers });
      }
      return response;
    }
    
    return fetch(request);
  }
};
export default {
  async fetch(request, env, ctx) {
    const url = new URL(request.url);
    
    // Skip CF challenge endpoints
    if (url.pathname.startsWith("/cdn-cgi/") || url.searchParams.has("cf_chl_")) {
      return fetch(request);
    }
    
    // PROBLEMATIC: Landing page tracking
    if (request.method === "GET" && url.searchParams.has("ttclid")) {
      const response = await fetch(request);
      if (response.status === 200 && response.headers.get("content-type")?.includes("text/html")) {
        const html = await response.text();
        const modified = html.replace("</head>", `<script>/* cookie logic */</script></head>`);
        return new Response(modified, { status: response.status, headers: response.headers });
      }
      return response;
    }
    
    return fetch(request);
  }
};
Question: How can I set tracking cookies without interfering with CF's security challenges? Is there a specific pattern Workers should follow to avoid challenge loops on product pages? Any help is appreciated āœØ
2 Replies
Waleed
WaleedOPā€¢3mo ago
I don't, but at least i figured out where the error is happening , the infinite js challenge loop is happening because there's a new Response() and not because of the set-cookie . only problem is, request headers are immutable :\
Waleed
WaleedOPā€¢3mo ago
update, i tried it with cloudflare snippets and it seems that its working !, it innjected the cookie
No description

Did you find this page helpful?