Cloudflare Block for Incoming Webhooks - Edge Functions #987

Open
pedrohssales opened this issue Mar 14, 2024 · 1 comment
Labels
bug Something isn't working

Comments


pedrohssales commented Mar 14, 2024

Describe the bug

I am encountering an Access Denied (403) error when my Supabase Edge Function named asaas_webhook attempts to receive payment webhooks. The error message indicates that access is being restricted by Cloudflare based on the browser's signature.

To Reproduce

Steps to reproduce the behavior:

  1. Create an account at Asaas Sandbox.
  2. Create a generic Edge Function in Supabase to handle payment webhooks.
  3. Navigate to "Integrações" > "Webhooks" > "Cobranças" in the Asaas dashboard.
  4. Insert the endpoint URL of the Supabase Edge Function into the webhook configuration.
  5. Trigger a payment event in Asaas to send a webhook to the Edge Function's endpoint.
  6. Observe the Access Denied (403) error in the response.

Expected behavior

I expect the Edge Function to successfully receive and process the payment webhook data without encountering an Access Denied error.

Screenshots

Null

System information

  • OS: Windows

Additional context

Asaas has indicated that the Cloudflare configuration of Supabase might be blocking the IPs of their service. The IPs mentioned are: 52.67.12.206, 18.230.8.159, 54.94.136.112, 54.94.183.101, 54.207.175.46, 54.94.35.137.

The webhooks do not even appear in the log of the Edge Function, which indicates that they are being blocked by the Cloudflare of Supabase. Additionally, I have tested sending the Asaas webhook to various other services such as Make and Zapier, and the webhook arrives normally in those cases. The issue only occurs with Supabase.

This Cloudflare block is a known issue. Asaas suggests that the IPs mentioned above should be unblocked in the Cloudflare WAF settings. (https://docs.asaas.com/docs/bloqueio-do-firewall-na-cloudflare)

As an additional measure, the error message I received indicated that access was being restricted based on the browser's signature. I suspect this might be related to the User-Agent: Java/1.8.0_275 header that Asaas uses when sending webhooks. If possible, adjusting the filter for this User-Agent in Cloudflare's security settings could potentially resolve the problem.

This problem is critical as it prevents my application from receiving and processing payment webhooks, which is essential for its functionality.

@pedrohssales pedrohssales added the bug Something isn't working label Mar 14, 2024
@steve-chavez steve-chavez transferred this issue from supabase/postgrest-js Mar 14, 2024
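
An added example, not part of the original issue and not Supabase or Asaas code: a small triage helper that decides whether a captured 403 came from the Cloudflare edge (so the request never reached the Edge Function, as the report infers from the empty function log) or from the function itself, and whether the source address is one of the IPs listed in the issue. The function names, the sample responses and the `1010` error code in them are constructed assumptions; the issue does not quote the exact block page.

```javascript
// Sender IPs as listed in the issue; every other value below is constructed.
const SENDER_IPS = new Set([
  "52.67.12.206", "18.230.8.159", "54.94.136.112",
  "54.94.183.101", "54.207.175.46", "54.94.35.137",
]);

// Header names are case-insensitive, so normalise them before lookup.
function lowerHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Classify one captured delivery attempt.
// resp: { status, headers, body }; sourceIp: address the sender connected from.
function triage(resp, sourceIp) {
  const h = lowerHeaders(resp.headers || {});
  const body = resp.body || "";
  // Responses proxied from the origin also carry these headers, so on their
  // own they do not prove an edge block; the body has to look like one too.
  const viaCloudflare = /cloudflare/i.test(h["server"] || "") || "cf-ray" in h;
  const code = (body.match(/error(?: code)?:?\s*(1\d{3})/i) || [])[1] || null;
  const signatureBlock = /browser'?s signature/i.test(body);
  let blockedAt = "none";
  if (resp.status === 403) {
    blockedAt = viaCloudflare && (code || signatureBlock) ? "edge" : "origin-or-unknown";
  }
  return { blockedAt, cloudflareCode: code, signatureBlock,
           knownSenderIp: SENDER_IPS.has(sourceIp) };
}

// Constructed sample: a block page generated at the edge.
const edgeBlock = {
  status: 403,
  headers: { Server: "cloudflare", "CF-RAY": "0000000000000000-GRU" },
  body: "error code: 1010",
};
// Constructed sample: a 403 returned by the function's own code.
const functionReject = {
  status: 403,
  headers: { Server: "cloudflare", "CF-RAY": "0000000000000000-GRU" },
  body: '{"error":"forbidden"}',
};

console.log(triage(edgeBlock, "52.67.12.206"));
console.log(triage(functionReject, "203.0.113.9"));
```

An `edge` result for a request from a listed IP is the case the report describes: the block has to be lifted in the WAF, since no change to the function can affect a request that never reaches it.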

mztmoraes commented May 6, 2024

@pedrohssales, Hi!

Did you manage to get around the limitation (apparently a bug) of Supabase?
Did you actually manage to integrate Supabase with Asaas?

Best
