Get a .COM for just $5.98!   -   Use Code NEWCOM598 @
Is Cloudflare Breaking Your REST API? ♦
Cloudflare cache deception armor breaks REST API

Is Cloudflare breaking your REST API?

( Share the Noogies )

No Runs, No Errors, No Fouls.

The worst problems are the ones that don’t leave you a clue for why they are happening. Such an one will cause much grief. No messages, warning, or errors. I like using plugins for WordPress, plain and simple, and as long as they aren’t hurting my page speed the more the merrier (If you need it). Plugins save the time of trying to figure out ways to do things that someone else has already figured out, and nine times out of nine, they do it better than I can anyhow. Some are just huge time savers.

One of my favorite time savers is a plugin by Jordy Meow called Media File Renamer Pro that does just what it says. It adds alt tags also. I run this on a lot of web sites and I was having an issue on some sites where I could change the plugin settings, and on others I couldn’t change any settings. There were no errors to tell me what was wrong. I disabled plugins, no change. I created a subdomain and installed a clean site with only the Media File Renamer plugin and the problem persisted. Super confusing!

Cache Deception Armor Content-Type Mismatch

All sites were on the same version of WordPress and Media File Renamer, so that only left one other variable that was different between sites and that difference was Cloudflare. I love Cloudflare, but they have features that can really cause trouble and it’s usually Rocket Loader™, but not this time. This time I had added a feature called “Cache Armor Deception” to my last page rule and that was breaking the WordPress REST API. I like tight security so Cache Deception Armor sounded like a good thing. Maybe for some sites and plugins, but not for some WordPress plugins if they aren’t written to handle content types properly. If your using Cache Deception Armor and anything in your site has a Content-Type mismatch, the asset will not be cached and can therefore behave very strangely, like some needed assets are missing in your requests. I hope I said that right so that it makes sense.
Anyhow, if you use Cloudflare with Cache Deception Armor and things seem broken, get rid of it ( Cache Deception Armor I mean ).


I just discovered this problem in another site, but caused by Cloudflare’s “Always Online”. Just disable them on WordPress. It’s configurable, but why bother. Too much work and Cloudflare recommends setting it to off.

Understanding Cloudflare’s CDN

Cache Deception Armor Resources

Understanding Our Cache and the Web Cache Deception Attack
Web Cache Deception Attack revisited

Always Online (Also Breaks REST API)

Understanding Cloudflare Always Online

Rocket Loader™ Resources ( just in case )

Ditch Rocket Loader™ too.
(see also “What does Rocket Loader do?”) 


(Visited 150 times, 1 visits today)

( Share the Noogies )

Disclosure of Affiliations is affiliated with Google, Amazon, and other advertisers. Running this site costs money and if it can’t sustain itself through ads it’ll go bye-bye. Please help me to keep that from happening with your patronage of ads that are of interest to you.

Leave a Review

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top