HTTP request fails with anonymous access

Max · June 4, 2025, 10:35am

I have an app that on load requests data from several APIs. Today, I wanted to test the app when publicly accessed by anonymous access, but one of the requests fails. Well, the request itself succeedes, but the response is just

<html>
    <head>
        <title>Request Rejected</title>
    </head>
    <body>
        The requested URL was rejected. Please consult with your administrator.<br>
        <br>
        Your support ID is: 13051143813188554833<br>
        <br>
        <a href='javascript:history.back();'>[Go Back]</a>
    </body>
</html>

The URL I’m requesting is https://a2a.bancaditalia.it/infostat/dataservices/export/EN/CSV/ALL/CUBE/BANKITALIA/DIFF/QMOT0100 (Opening link will download a ZIP)
simply put in the URL field of the action:

I also tried to create a datasource with the Base URL set to this link and Anonymous access allowed, but it still “fails”.

I don’t really understand what the problem is because the payload of the request is almost the same. The only differences are the parameters environment, set to prod instead of dev, and isBuilder, set to false instead of true.

If any of you got an idea or suggestion, I’m all ears.

spherebread · June 4, 2025, 12:00pm

Hey @Max,

Thanks for reporting it, the issue seems weird…
The only way I managed to query that URL — as on your screenshot, no datasource + empty base URL + full URL.

I’ll check with the team!

spherebread · June 4, 2025, 2:48pm

@Max, we’ve able to track down the bug!
Long story short, it’s because of cookies
If any of your data sources have cookies — others will get cookie: "" appended… Direct HTTP API steps (with no data source) have no cookies at all, so request works as expected.

We’ll fix this behavior in further versions!

Max · June 5, 2025, 7:06am

Awesome, thank you!
Strangely, though, the Direct HTTP API step fails for me despite the lack of data source. But only when opening the Embed URL as an anonymous user, e.g. in incognito. Does the anonymous access also cause cookie: "" to be appended?

spherebread · June 20, 2025, 8:21am

Hmmmm… We’ve pushed a fix for cookies, it will become available next Thursday. I’ll test additionally with anonymous access.