Investigate workaround for security rules

[sheabunge]

Current behavior

It seems that a multitude of security software, including CloudFlare, Apache mod_sec, and nginx firewall rules, will sometimes see snippet code being transmitted over HTTP and flag it as a false positive, causing bizarre HTTP errors.

Expected behavior

We should see if we can find alternate methods of transmitting snippet data to avoid these false-positives. Perhaps web encoding?

Steps to reproduce

1. Set-up some form of incompatible security software.
2. Create or edit a snippet containing HTML code.
3. HTTP request should fail.

WordPress version

6.7.1

Code Snippets version

3.6.6.1

Code Snippets license

Core (free), Pro

Anything else?

Related support threads:

• Firewall blocking saving of code snippets + suggestion
  
• Bug | V3.4.0 | Cannot Save Snippet | Error Code 403
  

[sheabunge]

Possible solution for CloudFlare provided by Generosus:

We confirmed the above is causing the issue. That is, code snippets that contain “echo” are being blocked by Cloudflare under the service “Managed rules (previous version).

So, based on the above, we created a Cloudflare WAF Rule to skip any code snippet that triggers Cloudflare’s “Managed rules (previous version” service.