WAF blocks the payment payload
Quirk · GET /api/x402/edge-waf-blocks-payment · Edge / CDN Controls
The large base64 PAYMENT-SIGNATURE trips a managed WAF rule and is rejected with 403 before the payment logic runs.
Explanation
The large base64 PAYMENT-SIGNATURE payload trips a managed WAF rule heuristic and the request is rejected with 403 before the payment is ever processed. The merchant must tune its WAF and managed rules to allow the payment header so legitimate payments reach the origin.
What to watch
The paid call returns 403 (WAF) instead of verifying — the payment never reaches the origin logic.
Facilitator
Settled against the live Radius testnet facilitator (https://facilitator.testnet.radiustech.xyz). A valid payment runs a real /verify and /settle on-chain.
Metadata
- Status: Quirk
- Method: GET
- Price: 0.0001 (100 atomic)
- Responsible party: Merchant