But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...
Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.
"Something went wrong An unexpected error occurred. Please try again or contact support."
Is this a product or what? What's the purpose? Is there an API?
I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.
However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.
I have a few qualms with this app.
I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.
Please drop your cloudflare email address and I will reach out to you with my repository information.
And then sell its denizens malice protection services.
Kevlar:
https://developers.cloudflare.com/bots/ https://www.cloudflare.com/products/turnstile/
Guns:
https://support.cloudflarewarp.com/
To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.
But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.
To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.
By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.
Note how the error has zero information.
Looking at the network requests, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked". Happens even with adblocker and cookie extensions disabled, and I don't usually have problems with Cloudflare sites. Firefox on linux.
I'm very tired of this adversarial approach to software and vague errors.
EDIT: it was the 'fsmonitor-watchman.sample' default hook in the .git folder. "Please try again" and "you've been blocked" for committing the sin of uploading a folder that's a git repository. Sigh...
ChrisArchitect•2h ago
(https://x.com/BraydenWilmoth/status/2074894829616509358)
simonw•1h ago