I am encountering an Access Denied (403) error when my Supabase Edge Function named asaas_webhook attempts to receive payment webhooks. The error message indicates that access is being restricted by Cloudflare based on the browser's signature.
Create a generic Edge Function in Supabase to handle payment webhooks.
Navigate to "Integrações" > "Webhooks" > "Cobranças" in the Asaas dashboard.
Insert the endpoint URL of the Supabase Edge Function into the webhook configuration.
Trigger a payment event in Asaas to send a webhook to the Edge Function's endpoint.
Observe the Access Denied (403) error in the response.
Expected behavior
I expect the Edge Function to successfully receive and process the payment webhook data without encountering an Access Denied error.
Screenshots
Null
System information
OS: Windows
Additional context
Asaas has indicated that the Cloudflare configuration of Supabase might be blocking the IPs of their service. The list of IPs mentioned are: 52.67.12.206, 18.230.8.159, 54.94.136.112, 54.94.183.101, 54.207.175.46, 54.94.35.137.
The webhooks do not even appear in the log of the Edge Function, which indicates that they are being blocked by the Cloudflare of Supabase. Additionally, I have tested sending the Asaas webhook to various other services such as Make and Zapier, and the webhook arrives normally in those cases. The issue only occurs with Supabase.
As an additional measure, the error message I received indicated that access was being restricted based on the browser's signature. I suspect this might be related to the User-Agent: Java/1.8.0_275 header that Asaas uses when sending webhooks. If possible, adjusting the filter for this User-Agent in Cloudflare's security settings could potentially resolve the problem.
This problem is critical as it prevents my application from receiving and processing payment webhooks, which is essential for its functionality.
Describe the bug
I am encountering an Access Denied (403) error when my Supabase Edge Function named asaas_webhook attempts to receive payment webhooks. The error message indicates that access is being restricted by Cloudflare based on the browser's signature.
To Reproduce
Steps to reproduce the behavior:
Steps to reproduce the behavior:
Expected behavior
I expect the Edge Function to successfully receive and process the payment webhook data without encountering an Access Denied error.
Screenshots
Null
System information
Additional context
Asaas has indicated that the Cloudflare configuration of Supabase might be blocking the IPs of their service. The list of IPs mentioned are: 52.67.12.206, 18.230.8.159, 54.94.136.112, 54.94.183.101, 54.207.175.46, 54.94.35.137.
The webhooks do not even appear in the log of the Edge Function, which indicates that they are being blocked by the Cloudflare of Supabase. Additionally, I have tested sending the Asaas webhook to various other services such as Make and Zapier, and the webhook arrives normally in those cases. The issue only occurs with Supabase.
This Cloudflare block is a known issue. Asaas suggests that the IPs mentioned above should be unblocked in the Cloudflare WAF settings. (https://docs.asaas.com/docs/bloqueio-do-firewall-na-cloudflare)
As an additional measure, the error message I received indicated that access was being restricted based on the browser's signature. I suspect this might be related to the User-Agent: Java/1.8.0_275 header that Asaas uses when sending webhooks. If possible, adjusting the filter for this User-Agent in Cloudflare's security settings could potentially resolve the problem.
This problem is critical as it prevents my application from receiving and processing payment webhooks, which is essential for its functionality.