How can I disable a security rule for a web asset?
My API is being blocked by Cloudflare Turnstile via the Interstitial pages.
SSupport AI
According to the Cloudflare documentation, Interstitial pages (also known as Challenge Pages) can interrupt the request flow by returning a full HTML page for the user's browser to render and solve. However, this mechanism can fail when the browser expects a non-HTML response, such as an AJAX or XHR (fetch) request.
To resolve this issue, you can consider using Turnstile Pre-clearance, which allows you to deploy granular security without forcing a disruptive Challenge Page response. By enabling Pre-clearance, the Turnstile widget issues a persistent clearance cookie (
For implementation details, refer to the guidance on Pre-clearance for Turnstile: https://developers.cloudflare.com/cloudflare-challenges/concepts/clearance/#pre-clearance-support-in-turnstile
To resolve this issue, you can consider using Turnstile Pre-clearance, which allows you to deploy granular security without forcing a disruptive Challenge Page response. By enabling Pre-clearance, the Turnstile widget issues a persistent clearance cookie (
cf_clearance) upon successful human verification on an initial HTML page. This cookie pre-clears the visitor to interact with sensitive API endpoints secured by WAF rules.For implementation details, refer to the guidance on Pre-clearance for Turnstile: https://developers.cloudflare.com/cloudflare-challenges/concepts/clearance/#pre-clearance-support-in-turnstile
This is an AI generated response, it may not be 100% accurate. Please validate the output. You can ask followups by replying to this message or mentioning me.
