I sometimes get an error with the font
https://lovebyte.eu.org/fonts/nasa.otf
downloadable font: rejected by sanitizer (font-family: "Nasa" style:normal
weight:400 stretch:100 src index:0) source: https://lovebyte.eu.org/fonts/nasa.otf
But most of the time its fine and this confuses me
Any ideas ?
I’m suspecting that aes.js is getting served to the browser instead of nasa.otf but I can’t confirm this as downloading the font is giving the correct file
What browser are you using?
I’m testing your site in Chrome with Cache Disabled. I see the font applied correctly, AES.JS not affecting anything. Even after refreshing the page without cache multiple times.
Also,
Sorry I forgot to say the browser is librewolf (a fork of firefox)
I suspected aes.js again because that time about a month ago I got an error but it was a mime error I think and when I tried to download the font I got aes.js instead, this time I get the font download
I have also previously had issues with aes.js being loaded instead of my css file so suspected it sorry
I am confused with this issue
I tested your site with FireFox, and with LibreWolf, and they were able to display the font correctly.
Maybe iFastNet is touching AES.JS again, and you happened to be temporally affected at the time?
You most likely have Under Attack Mode enabled on Cloudflare, trying disabling that and see if it helps or not.
I do indeed have under attack mode enabled but I cannot take the risk of disabling it as I don’t want to lose my account
Is under attack mode known to cause these kinds of problems ?
Under Attack Mode should only be activated as a last resort against layer 7 DDoS attacks, I see no reason for you to use it 24/7 as your site’s IP address is already hidden.
It’s possibly the reason behind your font issue, without disabling it there’s no way to investigate further.
I had the same problem
you can see it here in the pictures:
so I deleted all my hosting accounts and moved everything to CF
There’s nothing worse when it works once and then after a refresh it doesn’t work and then it works again…and it doesn’t work again…and it SHOULD work if it was tested properly.
@lovebug, the font from your website did not load in my browser, too. My gut tells me that it has something to do with the site cookies. Although, this is only a theory for now unless I can prove it through thorough testing and analysis.
There are (5) main factors that affects the browser validation system:
aes.js script in the client-side which plays a role in facilitating the creation of the encrypted cookie hash.aes.js script and the creation of the said cookie.Do you remember this bug? Sometimes, the cookie from Cloudflare becomes too large to be handled with. I was thinking whether the size of the cookie from Cloudflare could affect the browser validation system or not.
Not necessarily. It’s a good thing to enable when you want good protection but don’t want to spend a year setting up CF correctly.
Yeah, it’s slightly annoying to users, but it almost guarantees you won’t get hit with a DDoS attack and suspension.
When my site came under attack, I turned on under attack mode. and I’m still reciving 20,000 hits most days in the space of 20 minutes in the morning (6-6:20am GMT) so I keep it active.
for a personal site, when you don’t have the time or resources to set up something better, its more than good enough
I maintain 100+ domains on Cloudflare, I should know. It should only be used as a last resort, you can verify this statement by visiting their official documentation.
Everyone’s experience differs. for someone like yourself, you clearly have the knowladge, and have taken the time to be able to set up those domains in the best way.
Not everyone has the knowladge or time to do that for themselves. For those of us that just need a quick fix, “under attack” mode works really well.
Small clarification, the docs say it’s “designed” to be a last resort, not that it must only be used as a last resort. They only recommend it be used in that manner, no other guidance is really provided.
While I manage significantly less domains on CF (I think I’m sitting around 10 currently), I’ve been using the platform for a number of years. Either way, I don’t think the number of domains you host or the years you’ve been a customer matters, it’s possible for someone to be a customer for 20 years with over 200 domains connected and still be wholly incompetent at correctly managing anything.
Agreed
Conversly, its possible for someone to only have 1 or 2 domains, that have only been up a few months and they’ve set everything up perfectly.
Its all down to the individual and the work they can put into it 
Ok you are getting that stupid security page that loads aes.js instead of the actual nasa.otf font
One thing that librewolf and brave browser have in common is a blocker, advert blocker in librewolf and script blocker in brave
I’m going to disable the advert blocker (ublock origin) in librewolf and see if that helps
Possibly unshielding brave on my website will fix the issue for you too
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
This is getting too annoying now
My site looks like this
And if I view the page source I see this
<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("9f48cce43c7654565ad78f5f074dd637");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://lovebyte.eu.org/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>
Please IFASTNET fix your security to work with cloudflare like it used to do