[DigitalPoint] App for Cloudflare® 1.8.2

Fixed issue with method compatibility on some versions of PHP

• Fixed issue where the "Registration & contact forms are an overlay" option wouldn't always work
• Fixed issue with guest page caching where the first request made after a browser restart would return a cached page vs. logged in user
• Added support for config of R2 for XFMG via UI (it was possible before, but only through config.php edit)
• Internally caching Cloudflare zone ID (less API requests needed and faster for the requests we are making)
• Automatically reset cached zone ID cache if it's invalid (if site's domain changes for example)
• If using guest page caching, the cache for the first 2 and last 2 pages in a thread is purged when a post in the thread is added, edited or deleted (doing first 2 and last 2 helps with threads that have hundreds or thousands of pages so they don't run into API problems with so many individual page purge requests)
• Fixed issue with creating new admin access policies (change to Cloudflare API required an API parameter update)
• Removed usage/dependency on Stripe's UUID generator
• Fixed issue with country blocking firewall rule where sometimes the first country selected wouldn't show as selected when going back to edit

• Fixed issue where the function to add public subdomain and Cache Rule to an existing R2 bucket wouldn't work
• Removed dependency on third-party library to get list of countries for firewall blocking
• Changed how guest page caching updates tokens in GET request URLs
• Only cache guest pages if the visitor is using the default language and style

• More tuning of logic for when to do guest page caching
• Made change so other addons that are also extending the filesystem mount class are able to do so with backward compatibility
• Fixed cosmetic issue with overflow of R2 logs in overlay window
• Prevent users from using the same bucket for public and private areas (prevent users from exposing internal-data as a public bucket)
• Added note about style, language and advanced cookie consent in XF 2.2.12+ to known limitations for guest page caching

• Made some minor changes to the logic of when to serve cached pages or not (Guest page caching)
• If a session is empty (like when a user logs out), go ahead and fully expunge it
• Made some changes to R2 adapter so it could be configured for extra directories via config.php
• Added some code to work around XenForo not updating CSRF token in URLs (this bug report)
  
  

This version has a fix for Cache Rule management when the zone/domain didn't have an existing ruleset in place for the entrypoint phase (a Cloudflare thing).

...basically for accounts that have never looked at or touched Cache Rules in their Cloudflare accounts before.

• Ability to cache HTML pages for guests in Cloudflare data centers (much, much faster website for guests)
• Fixed misspelling of Cloudflare in two phrases
• Fixed issue where you wouldn't be able to change API token if your existing API token was invalid
• Added support for Cloudflare Cache Rules
• Removed auto-configuration option for CSS and image proxy caching via Page Rules
• Added support for auto-configuration for CSS and image proxy caching via Cache Rules

A couple things to note...

If you have Page Rules setup for XenForo CSS and/or image proxy from previous versions of this add-on, you can delete those and add them back as Cache Rules if you want (it's not required, but it will free up some Page Rules for your zone if you use them for other things).

The ability to cache guest pages at the network edge (Cloudflare data centers) is a powerful tool that can make page load time for guests much, much faster in most cases. This only applies to guests (non-logged in users). If you want to do a real-world test, run a GTmetrix test without the feature enabled, then run it with the feature enabled (maybe run it a couple times after it's enabled to make sure the cache is being hit). I've been seeing a 2-5x speed increase for guest pages myself.

Guest page caching allows the HTML of your site to be cached in Cloudflare data centers around the world (close to 300 of them currently). So user's network connection only needs to go as far as the data center closest to them when there is a cache hit vs. being backhauled to your physical server.

Here's an example without guest page caching:

The same XenForo page with guest caching enabled:

If you want to see it live/in action, it's running on this site if you want to click around as a guest to see how it "feels" speed-wise:

JavaScript and cookie search engine

IMPORTANT for existing users: The new R2 functions and control of new settings require some new permissions for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:

• Account.Account Analytics: Read
• Account.Workers R2 Storage: Edit
• Zone.Bot Management: Edit
• Zone.Cache Rules: Edit

You should have a total of 14 permissions for your API token at this point. If you don't have 14, you can check what you should have under XF Admin -> Options -> External service providers -> Cloudflare authentication

General

• Fixed issue with compatibility with old versions of PHP.
• Requires PHP 7.0 or higher (just getting too annoying/difficult to maintain backward compatibility with very old versions of PHP on old versions of XenForo).
• New Cloudflare setting: Network error logging
• Bot Fight Mode, Automatic Signed Exchanges (SXGs) & AMP Real URL settings can be used with API tokens now (before you had to use Global API keys to access those settings).
• Added note about changing Worker subdomain.
• New option for country blocking allows blocking to apply to entire site or just registration.
• Make it so XenForo's FsMount class can disable asserts on a per-adapter basis (makes filesystem faster and cuts R2 API calls in half because we don't need to explicitly check if an object exists before we try to get it).
• Changed verbiage reflect Cloudflare's change of "firewall filter rules" to simply "firewall rules".
• Cloudflare API calls that return a server error code (5xx) will transparently retry once before giving up.

R2 (object storage)

• R2 support (yay!)
• R2 requires use of an API token (can't use Global API key, no way around that).
• Internally caching Cloudflare account ID, so we don't need to make API call to get it over and over (account ID normally never changes).
• Internally caching API token ID (required for R2 usage).
• New CLI command to migrate data between two different abstracted filesystems: php cmd.php dp:migrate-data [--new-to-old] [--processes=PROCESSES] [--start-at-path=START-AT-PATH] [--location=LOCATION] [--path=PATH]
• Can see R2 storage/usage for Cloudflare account as a whole (in footer of R2 admin area).
• Can see recent R2 logs (for individual buckets as well as Cloudflare account-level).

What is R2? R2 is a cloud object storage system. This add-on allows you to store things like avatars and attachments in the cloud rather than your server. The cost to use R2 is extremely reasonable... the first 10GB of storage is free, each GB after 10GB is $0.015 per month. For example, if you had 100GB of attachments and avatars you wanted to store in R2, the cost would would be $1.35 per month.

I've built a CLI tool to migrate data from one file system to another (for example you could go from local storage to R2 with it), however it needs to work within the limitations of XenForo and Flysystem. Which means, if you need to move more than a few GB worth of files, you are going to be better off using a free utility like rclone to do it.

This adds some functionality to Cloudflare's Turnstile captcha option added to XenForo 2.2.12.

IMPORTANT for existing users: The new Turnstile functions require a new permission for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the Account.Turnstile: Edit permission.


One-click Turnstile site creation

You can automatically set up Turnstile for your site without going to Cloudflare's site with a "Setup in Cloudflare" button:

Buttons for direct links to Settings and Analytics

Once Turnstile is setup for your site, you will get new Settings and Analytics buttons that give you direct links to manage/report on your Turnstile site within Cloudflare.

Minor update...

• Give human-readable error when the domain/zone does not exist on Cloudflare account when trying to work with it.