8

The app I created to offer RSS feeds from Hot Network Questions fails since today to fetch its data from the source.

One of its main endpoints is https://stackexchange.com/hot-questions-json1. It looks like the app now gets blocked by the CloudFlare anti-bot measures.

These are the headers of the error response I've captured:

{
  date: 'Fri, 22 Sep 2023 15:48:49 GMT',
  'content-type': 'text/html; charset=UTF-8',
  'content-length': '6440',
  connection: 'close',
  'cross-origin-embedder-policy': 'require-corp',
  'cross-origin-opener-policy': 'same-origin',
  'cross-origin-resource-policy': 'same-origin',
  'origin-agent-cluster': '?1',
  'permissions-policy': 'accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()',
  'referrer-policy': 'same-origin',
  'x-frame-options': 'SAMEORIGIN',
  'cf-mitigated': 'challenge',
  'cache-control': 'private, max-age=0, no-store, no-cache, ' +
    'must-revalidate, post-check=0, ' +
    'pre-check=0',
  expires: 'Thu, 01 Jan 1970 00:00:01 GMT',
  'set-cookie': [
    '__cf_bm=plX85fIOvG4mmOUx57Q1e0XfZBxw.EXY2uutj8wExP0-1695397729-0-Ae7cVUGXTf7+Y1VxTBV4vFPpB0eFfxvXJJ3fyC8EZkoi2WPMuGCWbZnLXvowMpONw8ed2sVpy2ZyLUo5XkHbhE0=; ' +
      'path=/; expires=Fri, 22-Sep-23 16:18:49 GMT; ' +
      'domain=.stackexchange.com; HttpOnly; Secure; SameSite=None'
  ],
  'x-dns-prefetch-control': 'off',
  server: 'cloudflare',
  'cf-ray': '80abb1c15868380c-IAD'
}

And the start of the HTML body:

<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title>

I do note that several chat rooms across the network rely on the app to get informed on a timely basis of new Hot Network Questions. The functionality for RSS feeds on migrated posts is not affected so far as that relies on the Stack Exchange API.

Can this be fixed by SE and/or mitigated by me? In the latter case I'm happy to make changes that works for you.

Just a moment ... (6 to 8 weeks?)

1. The endpoint was part of the mobile infrastructure but it was decided to not decommission that specific endpoint.

Improve this question
3
  • If this is better served as an answer on one of the many other reports, ie: meta.stackexchange.com/questions/393116/…, I'm happy to move it. So far it seems that for each unique cloudflare hick-up a separate bug exists. I don't mind how the reports are bundled or tracked, as long as the underlying issue gets addressed.
    – rene
    Commented Sep 22, 2023 at 16:12
  • 2
    I made some adjustments from this report, should fix your issue also. meta.stackexchange.com/questions/393231/…
    – Josh Zhang StaffMod
    Commented Sep 22, 2023 at 19:41
  • 2
    @JoshZhang yes, that solved the issue! You're awesome, thanks for the work you've put into this. It is appreciated.
    – rene
    Commented Sep 22, 2023 at 20:24

1 Answer 1

Reset to default
5

Thank you for your patience as we adjust things during the transition. I've made what I hope is the change that should resolve all the current Captcha issues that everyone has been getting.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .