Automatic Domain Fix by Cloudflare for polyfill.io on Client Websites after Domain Hijacking Resolved

Cloudflare has announced a feature that automatically rewrites references to the polyfill.io domain so that they point to https://cdnjs.cloudflare.com/polyfill/ instead. This comes after the current domain owner inserted code that redirects users to gambling websites, showing malicious intent. If more harmful code is inserted in the future, it could cause massive damage, as hundreds of thousands of websites use the polyfill script.

Rewriting HTML at the CDN requires high processing power, but Cloudflare handles it efficiently with the ROFL (Response Overseer for FL) module, a high-performance module written in Rust that parses HTML and rewrites script tags.

This feature is available to customers for free immediately, but paying customers will need to enable it themselves. Customers with a Content Security Policy (CSP) in place will not have the domain rewritten, to avoid the risk of website crashes.

Cloudflare has been identifying problematic JavaScript files since June 8th, indicating a prolonged and continuous attack. While Cloudflare applies the fix, customers should remove this JavaScript from their projects.
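
One way to find the affected tags in your own templates before removing them, as an added example (this is not Cloudflare's ROFL code). It assumes the original path and query string are kept under the /polyfill/ prefix on cdnjs; the function and class names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

MIRROR_HOST = "cdnjs.cloudflare.com"  # replacement host named in the article
MIRROR_PREFIX = "/polyfill"           # assumption: original path is kept under this prefix
# Constructed sample page: two real references, two look-alikes that must not match.
SAMPLE = """<html><head>
<script src="https://polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="//cdn.polyfill.io/v2/polyfill.min.js"></script>
<script src="https://polyfill.io.example.com/x.js"></script>
<script src="/static/polyfill.io/app.js"></script>
</head></html>"""

def mirror_url(src):
    """Return the cdnjs equivalent of a polyfill.io URL, or None if src is unrelated."""
    parts = urlsplit(src.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if host != "polyfill.io" and not host.endswith(".polyfill.io"):
        return None
    return urlunsplit(("https", MIRROR_HOST, MIRROR_PREFIX + parts.path, parts.query, ""))

class PolyfillAudit(HTMLParser):
    """Collects <script src> tags loading from polyfill.io and notes a CSP <meta> tag."""
    def __init__(self):
        super().__init__()
        self.findings = []         # (line number, original src, suggested src)
        self.has_meta_csp = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            fixed = mirror_url(attrs["src"])
            if fixed:
                self.findings.append((self.getpos()[0], attrs["src"], fixed))
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "content-security-policy":
            # A CSP has to be updated together with the src; a CSP sent as a header is not visible here.
            self.has_meta_csp = True

def audit(html):
    """Return (findings, has_meta_csp) for one HTML document."""
    parser = PolyfillAudit()
    parser.feed(html)
    parser.close()
    return parser.findings, parser.has_meta_csp

if __name__ == "__main__":
    for line, old, new in audit(SAMPLE)[0]:
        print(f"line {line}: {old} -> {new}")
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts and local paths that merely contain "polyfill.io" out of the report.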

TLDR: Cloudflare announces a feature that automatically rewrites references to the polyfill.io domain to prevent malicious redirects to gambling websites. Customers have access to this feature for free, but those with CSP should be cautious to avoid website crashes.