?i=0, running with Cloudflare and Full (Strict)

Website URL

(please specify the URL of the site on which you are experiencing the problem)


Error Message

(please share the FULL error message you see, if applicable)

When I post request to the backend for a user registration or login, it responds with this… As I said, I am already using Cloudflare and Full (Strict) SSL… It works on my other backend and website…

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("7ff721e48114e1c83894cfccf2858472");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://midwaytravelltd.co.uk/API/v1/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

Other Information

I am thinking it’s to do with the “?i=1”, however on standard browser I don’t get the “?i=1”, so it could be some cache or something…

(other information and details relevant to your question)

Are you proxying the domain?


Yes, it’s proxied via CF also

This file that is called (POST) from the Login page does not exist


It’s not the main part, it’s the backend part, where my iOS and Android app communicates and authorises people.

Here is an image of the CF DNS settings :

That’s what I think too. Your DNS and Cloudflare settings seem fine, but if you only just switched to Cloudflare, your mobile app may still be connecting directly to our servers, which is causing the issue you’re seeing.

Just to let you know though, while using Cloudflare lets you bypass the browser validation system, it doesn’t bypass our terms of service. The rules still are that our hosting should be used to host websites, not APIs. So even if what you’re doing works, you’re still breaking the rules by hosting software used only for a mobile app API. And if we ever decide to start enforcing that, then you will be punished.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.