Zum Inhalt springen
Menü
Sie müssen registriert sein, um mit der Community zu interagieren.
Diese Frage wurde gekennzeichnet
348 Ansichten

Hello everyone,

We have an on premise odoo v15 server which has been runing for quite a while without specific issues.

 This server is protected by cloudflare. Sometimes we get a challenge from cloudflare to check if "i am a robot". This used to work fine.


However since 3 days, there is a lot of jsonrpc request that end up being challenged by cloudflare. For example web/dataset/search_read, which is quite essential is detected as potentially problematic by cloudflare, which issues a challenge:


web.assets_backend.min.js:603 POST xxx/web/dataset/search_read 403 (Forbidden) (anonymous) @ web.assets_backend.min.js:603
jsonrpc @ web.assets_backend.min.js:597


request.response contains the HTML of the cloudflare's challenge page.

However, since odoo tries to parse it as a json:

const {error: responseError, result: responseResult} = JSON.parse(request.response);


we end up with an odoo client error, because of course json.parse can not parce an HTML page:

Uncaught Javascript Error > Unexpected token '<', "<!DOCTYPE "... is not valid JSON


To be honest, i'm a bit lost about this. Why does cloudflare sends so much challenge? Why can't odoo handle those challenges for json route? Its not like cloudflare is an obscure ddos protection :/


Any idea on how we could fix this issue?

We can't remove the protection for those routes, as any attacker could abuse them?

Avatar
Verwerfen
Verknüpfte Beiträge Antworten Ansichten Aktivität
2
Juli 25
227
0
Juli 25
3
0
Juli 25
236
1
Juli 25
348
0
Juli 25
296