SOLVED: Bricks won't save (spinning wheel on save button) + data retrieval error (Cloudflare WAF was causing issues with admin-ajax.php)

Bugs
1

My client is working on the newly published site, fixing some small content edits, but he (or his team member) cannot save any progress they do, the save button only spins.
They are also experiencing some errors with certain data being pulled from Metabox in the builder (but no issues for me)

Bricks works perfectly fine for me (and for my team member).
But if i open a new private window (or another browser) i have the same issue.
It only works in the Chrome browser i’ve been logged into for a while.

We all work in chrome (also works fine for me in other browsers), and we are all admins.
No ad blockers, no VPNs, or anything else that could maybe cause any issues.
My client even downloaded a fresh version of chrome.

Any ideas what can cause this to happen only for certain members?
I believe this occured when going live (changing domain name)

This is how it looks for my client:

bricks-error
bricks-error1600Ă—817 135 KB

And this is how it looks for me:

bricks-no-error
bricks-no-error1499Ă—845 251 KB

(login details sent to support)

Solution:
My client upgraded to the paid plan of Cloudflare (which has a WAF that blocks all sorts of things)

Security → WAF → Managed Rules → Cloudflare OWASP Core Ruleset

Edit the scope to “Custom Filter Expression” and make it “When incoming requests match” Hostname → does not contain → siteurl.com (Ignore self)

Then it worked.
Solution found here

1 Like
2

Just in case this helps someone else, I see the spinning save button sometimes with the Hummingbird plugin installed as well. However, I just make sure to click the save button anyway, and upon reloading the bricks page everything is saved as expected. (I suggest to try this with small changes so you don’t lose much in case this doesn’t work for you.) In my case it seems to happen when coming back to the editor tab after a while, probably when the page is trying to auto save.

3

A lot of people have been following this link so I should point out that further in that Cloudflare post it is noted that the above solution works because it basically disables the OWASP firewall rules altogether. :grimacing: Not exactly ideal. The alternative suggestion there is to:

Edit the scope to “Customer Filter Expression” and make it “When incoming requests match”
URI Path → does not contain → /wp-admin/admin-ajax.php

Not perfect, but probably better. I hope that helps future Bricks + Cloudflare users.