-
-
Notifications
You must be signed in to change notification settings - Fork 222
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloudflare Block for Incoming Webhooks - Edge Functions #987
Labels
bug
Something isn't working
Comments
@pedrohssales , Hi! Did you manage to get around the limitation (apparently a bug) of supabase? Best |
I'm having the same problem! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
I am encountering an Access Denied (403) error when my Supabase Edge Function named asaas_webhook attempts to receive payment webhooks. The error message indicates that access is being restricted by Cloudflare based on the browser's signature.
To Reproduce
Steps to reproduce the behavior:
Steps to reproduce the behavior:
Expected behavior
I expect the Edge Function to successfully receive and process the payment webhook data without encountering an Access Denied error.
Screenshots
Null
System information
Additional context
Asaas has indicated that the Cloudflare configuration of Supabase might be blocking the IPs of their service. The list of IPs mentioned are: 52.67.12.206, 18.230.8.159, 54.94.136.112, 54.94.183.101, 54.207.175.46, 54.94.35.137.
The webhooks do not even appear in the log of the Edge Function, which indicates that they are being blocked by the Cloudflare of Supabase. Additionally, I have tested sending the Asaas webhook to various other services such as Make and Zapier, and the webhook arrives normally in those cases. The issue only occurs with Supabase.
This Cloudflare block is a known issue. Asaas suggests that the IPs mentioned above should be unblocked in the Cloudflare WAF settings. (https://docs.asaas.com/docs/bloqueio-do-firewall-na-cloudflare)
As an additional measure, the error message I received indicated that access was being restricted based on the browser's signature. I suspect this might be related to the User-Agent: Java/1.8.0_275 header that Asaas uses when sending webhooks. If possible, adjusting the filter for this User-Agent in Cloudflare's security settings could potentially resolve the problem.
This problem is critical as it prevents my application from receiving and processing payment webhooks, which is essential for its functionality.
The text was updated successfully, but these errors were encountered: