Skip to content

docs(bots): warn that blocking /cdn-cgi paths degrades JS Detection#31976

Open
zeinjaber wants to merge 1 commit into
productionfrom
docs/DEE-3693-blocking-cdn-cgi-paths-degrades-jsd
Open

docs(bots): warn that blocking /cdn-cgi paths degrades JS Detection#31976
zeinjaber wants to merge 1 commit into
productionfrom
docs/DEE-3693-blocking-cdn-cgi-paths-degrades-jsd

Conversation

@zeinjaber

Copy link
Copy Markdown
Collaborator

What

Adds a warning callout under the Limitations section of the JavaScript Detections page explaining that blocking /cdn-cgi/challenge-platform/ or /cdn-cgi/rum silently degrades JS Detection accuracy.

Why

Customers who apply broad WAF or firewall rules matching /cdn-cgi/ paths can inadvertently prevent the JavaScript Detections script from executing. When this happens, cf.bot_management.js_detection.passed returns false for all affected requests with no visible error to the visitor, leading to unexpected bot score behavior and misfire of enforcement rules.

Files changed

  • src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx — new ### If you block /cdn-cgi/ paths section with a caution callout

How to verify

Navigate to /cloudflare-challenges/challenge-types/javascript-detections/ and confirm the new caution block appears at the bottom of the Limitations section.

Closes DEE-3693

@zeinjaber zeinjaber requested review from a team, elithrar and marinaelmore as code owners July 9, 2026 18:08
@cloudflare-docs-bot

cloudflare-docs-bot Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review

💡 1 suggestion found in commit 301e636.

Fix in your agent
Fix the following review findings in PR #31976 (https://github.com/cloudflare/cloudflare-docs/pull/31976).

Before making changes, review each finding and present a brief summary table:
- For each finding, state whether you agree, disagree, or need clarification
- If you disagree (e.g. the fix requires disproportionate effort for minimal benefit,
  or the finding is factually incorrect), explain why
- If you need clarification before deciding, ask those questions
- Then share your plan for which issues to tackle and in what order

After triaging, fix all legitimate findings. For any you decide to skip,
post a comment on this PR with the finding ID and your reasoning.

---

## Style Guide Review

### Suggestions (1)

#### SG-65b977d4c270 · Passive voice
- **File:** `src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx` line 180
- **Issue:** Line uses passive voice: 'No error is surfaced to the visitor'
- **Fix:** Rewrite in active voice, e.g. 'Cloudflare does not surface an error to the visitor.'

Code Review

This code review is in beta and may not always be helpful — use your judgment.

No code review issues found.

Conventions

No convention issues found.

Style Guide Review

Suggestions (1)
File Issue
cloudflare-challenges/challenge-types/javascript-detections.mdx line 180 Passive voice — Line uses passive voice: 'No error is surfaced to the visitor' Fix: Rewrite in active voice, e.g. 'Cloudflare does not surface an error to the visitor.'
Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

Command Description
/review Runs a review now. Incremental if a prior review exists, full if not.
/full-review Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist.
/ignore-review-limit Permanently lifts the 2-review automatic limit for this PR. Future pushes will trigger reviews as normal.
/disable-auto-review Stops automatic reviews from triggering on future pushes to this PR. Codeowners can still run /review or /full-review manually.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/content/docs/cloudflare-challenges/ @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners, @marinaelmore

@zeinjaber zeinjaber enabled auto-merge (squash) July 9, 2026 18:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants