Bug | V3.4.0 | Cannot Save Snippet | Error Code 403

I’m having this same issue when trying to save a snippet. I also have cloudflare. Has there been any updates to patch this?

I was having the same issue but I was able to do resolve it since my website is hosted on in-house server. So I connected to our private network wifi and was able to save the snippet.

Hey @bungeshea,

Can you provide a courtesy update for this issue? As stated before, a code change you implemented with V3.4.0 is causing Cloudflare to flag and block your plugin.

Thank you!

Hi @generosus,

Unfortunately, as this is really an issue with Cloudflare being unnecessarily fastidious and blocking what is essentially a false-positive, it’s difficult to address from the plugin.

There might be an exception rule you could add from within Cloudflare, but I’m not sure what the specifics might be.

In the meantime, I’m working on adding a setting which disables AJAX saving and reverts to the previous form submit method, but we also have other features and releases we’re working on, so it may not come out until after the next major release.

Hey @bungeshea,

Thanks for the reply. Looking forward to your update. So you know, we installed and activated V3.5.0 Beta 1 and it did not fix the issue. Also, keep in mind the following:

1. Since V3.4.0, we can save snippets without a title (no prior warning or pop-up shown prior to saving code snippet). With V3.3.0, we get the warning. Please refer to our related forum topic.
2. Your code changes should be compatible with Cloudflare and any other CDN offering similar protection. We never had this issue with V3.3.0, so kindly revisit your code changes. If Cloudflare is flagging a false-positive, you should be able to address that with Cloudflare directly or via their forum.

In short, hoping your next update (V3.5.0 stable) will take care of the above.

And in case you’re wondering, our temporary solution (only allows us to save code snippets), was to create the Cloudflare WAF Rule noted here. Perhaps this will help you a bit as well.

If the above cannot be fixed, we may need to switch to another widely-used code snippets plugin. Hopefully, not.

Thank you ??

I’m having this same issue when trying to save a snippet.
I also have cloudflare.
Has there been any updates to patch this?

Same here… Update would be appreciated.

@generosus Thank you for all the feedback you given us. We’ll close the topic here. Please keep an eye on our updates and feel welcome to reach out directly to us if you have any questions. Please message me directly if there’s anything I can do to properly thank you for the effort you’ve put in.

Hey @ver3,

Two things:

1. Your recent update partially fixed this issue. The lower buttons behave as intended when we try to add a new code snippet without a title. The top buttons, however, do not work. Details: https://prnt.sc/UqmIQq9NoEiD
2. Per WP guidelines, we’re not allowed to message you directly. So, what plugin email address shall we use in the future?

You’re almost there. Fix appreciated ??

@generosus I appreciate the follow-up! I’ll look into why those other buttons aren’t working as expected, and we will include a fix in the next update.

www.remarpro.com forums are a perfectly fine place to report feedback and ask for support. Don’t worry about needing to message us on other sites if your posts relate to the core Code Snippets plugin,

Hey @bungeshea,

Looking forward to it. Happy to work with you guys to ensure your plugin remains the best in the business.

Cheers ??

I am facing this same issue cannot save snippet, my plesk mod security is also disabled, can anyone advise fix?

Unfortunately, the issue continues. We recently tried to add a couple of snippets but were blocked by Cloudflare with the message Error Code 403. We’re using your latest plugin revision, V3.6.2.

Details: https://prnt.sc/B6eXHQscdHuf

Also, noticed from another topic (sorry, can’t cross reference them here so copy and pasted the text below), that code snippets that include “echo” — like ours are being rejected due to XSS concerns. This is exactly what’s happening to us.

Fix appreciated. This is way too frustrating.

Thank you!

———————–

Kevin J (@iamkevinjohnson)

6 months, 4 weeks ago

403 when saving snippet is still happening:

“Could not update snippet. Request failed with status code 403”

Sample snippet that results in 403 when trying to saving new snippet (snippet not activated):

function custom_redirect($url) {
    ob_start();
    ?>
    <script type="text/javascript">
        window.location.href = "<?php echo ($url); ?>";
    </script>
    <noscript>
        <meta http-equiv="refresh" content="0;url=<?php echo ($url); ?>" />
    </noscript>
    <?php
    ob_end_flush();
}

It seems to be the echo statement causing the problem. Existing snippets with echo statements still work, but altering/saving existing code that has echo, or creating a new snippet that tries to utilize echo, always results in 403 after attempting to save snippet.

I have the paid pro version and have contacted support, but they don’t seem to understand the issue yet. Perhaps the above example will help them devise a fix.

SOLUTION:

We confirmed the above is causing the issue. That is, code snippets that contain “echo” are being blocked by Cloudflare under the service “Managed rules (previous version). Details: https://prnt.sc/yWEz_lqTBmpp

So, based on the above, we created a Cloudflare WAF Rule to skip any code snippet that triggers Cloudflare’s “Managed rules (previous version” service. Details: https://prnt.sc/jXaqhiBqsrjO

We tested the above many times. Problem solved … for now!

Cheers!

I’ve just now come across the same issue. Cloudflare blocks POST from the code snippet plugin:

Screenshot by Lightshot (prnt.sc)

I’ve added a WAF custom rule to skip… but this is a really yucky/temporary solution.

Is there a better way to fix this?