Hey @Paige-Shopify is anything being done about this? As a theme developer this is frustrating I simply cannot work on my clients site right now as I am being rate limited after only a few minutes of loading the dev store.
The issue for us is a little different to others but related. We are using Vue.js to create our collection grid so we need to fetch each product one-by-one which causes 20-30 GET requests to product urls every few seconds.
This never used to be an issue until now.
Can we get some clarification on if this will be addressed or not?
We introduced new bot protection measures for the cart.
Based on the feedback provided, we adjusted these measures.
If you are a developer or merchant needing to run tests on a shop, we recommend following the approach in this Help Center article so we can verify your requests.
We are still working on a fix for CLI users and VPN users.
All users will be able to complete the challenge in order to continue shopping.
@Dmitri_Pavlutin youāre right that a single cart request shouldnāt be affected. Can you have the affected shop reach out to support so we can investigate that further?
@Paige-Shopify The merchant already reached out to Shopify customer support.
This was the response from support:
This does mean that after I refresh the Cloudflare from the domain that you have, and the issue is still happening. It might be best to coordinate with the Boxi app directly to modify how they handle the redirect and cart interaction.
What Iām going to do from my end is that I will have to refresh the Cloudflare from my side, and letās monitor the changes through your store after or within 24 hours
Our app simply does just one standard add to cart request and after that redirects to cart or checkout page.
Thanks for sharing @Dmitri_Pavlutin!
I took a look at that ticket, and it seems the conversation somehow ended up focusing on Cloudflare itself
Have you been able to replicate the issue on that shop at all?
Iām looking for a request ID for a cart request that didnāt get a 429 response, so I can investigate the responses that did get a 429 response.
I was able to replicate the problem at that moment when the merchant reported the problem, but now it seems to work fine.
Also the merchant is sharing the links to the Boxi builders in newsletters - so maybe spikes of visits from the newsletter triggers the bot detection.
Also, as many partners mentioned in this thread, the verification seems to be broken. It is fine that Cloudflare shows a verification page to detect whether I am a bot or not - and if I pass the verification, I would expect the add to cart action to work as expected. However, this is not the case. I passed the verification, but when adding products to the cart, the verification is triggered again - which actually fails and creates the problem.
Has this been fixed for the AJAX API? Weāve been trying to find a workaround for this issue but nothing so far has worked. Weāre worried that this is impacting conversion for some sessions since we rely heavily on the AJAX API for a dynamic pop-out cart.
Been running into these 429 errors this morning while trying to test some cart changes using shopify theme dev. I can add about 3 products to the cart before I get locked out with 429 errors for several minutes. This is really frustrating, I need to add dozens of items to the cart to test the theme feature Iām working on!
For anyone still experiencing 429 errors, please DM me or send me an email (josh.faigan@shopify.com) with your shopify store domain that you are working with IE (mystore.myshopify.com). It will let us check logs to see what is happening. If I can get more information I will be able to chat with our other teams. Thank you so much!
When using an Express VPN on our live site and after adding to cart a couple of times getting the 429 response rate limit messages and the cloudflare verification for a simple cart retrieval. Nothing fancy on the cart page just trying to load the cart from a simple add to cart.
