[GH-ISSUE #7785] [Bug]: SimpleFIN Cloudflare Block is not handled gracefully #92828

Open
opened 2026-05-26 04:37:44 -05:00 by GiteaMirror · 2 comments
Owner

Originally created by @JazzyJosh on GitHub (May 9, 2026).
Original GitHub issue: https://github.com/actualbudget/actual/issues/7785

What happened?

Was linking bank accounts several times, leading to a Cloudflare block on Simplefin. Since the credentials box popped up, I unnecessarily reset my credentials for SimpleFIN. Now I get to set all my bank accounts back up again when the link is restored.

How can we reproduce the issue?

  1. Create a SimpleFIN account and link a Bank Account and create an App Connection
  2. Create an Account in Actual
  3. In the Meatball menu, click Link Account
  4. Click Link Account with SimpleFin
  5. Provide the App Credentials created in step 1
  6. Keep using Link Bank/syncing/etc. until SimpleFIN temporarily bans requests from the backend to their API, resulting in syncs failing
  7. Observe Cloudflare Rate-Limit HTML in Actual Server logs.
  8. Create a new Account
  9. In the Meatball menu, click Link Account
  10. Click Link Account with SimpleFin

Expected: Warning displayed that SimpleFin is unavailable/rate limit
Actual: "Set Up SimpleFIN" modal is displayed

Where are you hosting Actual?

Fly.io

What browsers are you seeing the problem on?

Chrome

Operating System

Windows 11

Originally created by @JazzyJosh on GitHub (May 9, 2026). Original GitHub issue: https://github.com/actualbudget/actual/issues/7785 ### What happened? Was linking bank accounts several times, leading to a Cloudflare block on Simplefin. Since the credentials box popped up, I unnecessarily reset my credentials for SimpleFIN. Now I get to set all my bank accounts back up again when the link is restored. ### How can we reproduce the issue? 1. Create a SimpleFIN account and link a Bank Account and create an App Connection 2. Create an Account in Actual 3. In the Meatball menu, click Link Account 4. Click Link Account with SimpleFin 5. Provide the App Credentials created in step 1 5. Keep using Link Bank/syncing/etc. until SimpleFIN temporarily bans requests from the backend to their API, resulting in syncs failing 6. Observe Cloudflare Rate-Limit HTML in Actual Server logs. 7. Create a new Account 8. In the Meatball menu, click Link Account 9. Click Link Account with SimpleFin Expected: Warning displayed that SimpleFin is unavailable/rate limit Actual: "Set Up SimpleFIN" modal is displayed ### Where are you hosting Actual? Fly.io ### What browsers are you seeing the problem on? Chrome ### Operating System Windows 11
GiteaMirror added the needs triagebug labels 2026-05-26 04:37:44 -05:00
Author
Owner

@jshaofa-ui commented on GitHub (May 10, 2026):

🔧 Solution Proposal

Root Cause

When SimpleFIN is rate-limited/blocked by Cloudflare, the app shows "Set Up SimpleFIN" modal instead of a proper error. This happens because:

  1. The /status endpoint checks token !== 'Forbidden' — when Cloudflare blocks, token becomes 'Forbidden'
  2. Returns { configured: false } — indistinguishable from "token not set"
  3. Frontend interprets configured: false as "not configured" → shows wrong modal

Fix

1. packages/sync-server/src/app-simplefin/app-simplefin.js — Add cloudflareBlocked to status response:

const cloudflareBlocked = token === 'Forbidden';
res.send({ status: 'ok', data: { configured, cloudflareBlocked } });

2. Same file — In /accounts endpoint, distinguish Cloudflare block from invalid token:

if (token === 'Forbidden') {
  cloudflareBlocked(res);  // new error type
  return;
}

3. Add new error function:

function cloudflareBlocked(res) {
  res.send({
    status: 'ok',
    data: {
      error_type: 'CLOUDFLARE_BLOCKED',
      error_code: 'CLOUDFLARE_BLOCKED',
      status: 'rejected',
      reason: 'SimpleFIN is temporarily rate-limited by Cloudflare. Please wait a few minutes.',
    },
  });
}

4. packages/desktop-client/src/components/accounts/AccountSyncCheck.tsx — Add error message:

case 'CLOUDFLARE_BLOCKED':
  return t('SimpleFIN is temporarily unavailable due to rate limiting. Please wait a few minutes.');

5. packages/desktop-client/src/hooks/useSimpleFinStatus.ts — Add cloudflareBlocked state.

Why This Works

  • Distinguishes 3 states: not configured, Cloudflare blocked, invalid token
  • Users won't be tricked into resetting credentials when it's just a rate limit
  • Follows existing error_type/error_code pattern
<!-- gh-comment-id:4414059301 --> @jshaofa-ui commented on GitHub (May 10, 2026): ## 🔧 Solution Proposal ### Root Cause When SimpleFIN is rate-limited/blocked by Cloudflare, the app shows "Set Up SimpleFIN" modal instead of a proper error. This happens because: 1. The `/status` endpoint checks `token !== 'Forbidden'` — when Cloudflare blocks, token becomes `'Forbidden'` 2. Returns `{ configured: false }` — indistinguishable from "token not set" 3. Frontend interprets `configured: false` as "not configured" → shows wrong modal ### Fix **1. `packages/sync-server/src/app-simplefin/app-simplefin.js`** — Add `cloudflareBlocked` to status response: ```javascript const cloudflareBlocked = token === 'Forbidden'; res.send({ status: 'ok', data: { configured, cloudflareBlocked } }); ``` **2. Same file** — In `/accounts` endpoint, distinguish Cloudflare block from invalid token: ```javascript if (token === 'Forbidden') { cloudflareBlocked(res); // new error type return; } ``` **3. Add new error function:** ```javascript function cloudflareBlocked(res) { res.send({ status: 'ok', data: { error_type: 'CLOUDFLARE_BLOCKED', error_code: 'CLOUDFLARE_BLOCKED', status: 'rejected', reason: 'SimpleFIN is temporarily rate-limited by Cloudflare. Please wait a few minutes.', }, }); } ``` **4. `packages/desktop-client/src/components/accounts/AccountSyncCheck.tsx`** — Add error message: ```typescript case 'CLOUDFLARE_BLOCKED': return t('SimpleFIN is temporarily unavailable due to rate limiting. Please wait a few minutes.'); ``` **5. `packages/desktop-client/src/hooks/useSimpleFinStatus.ts`** — Add `cloudflareBlocked` state. ### Why This Works - Distinguishes 3 states: not configured, Cloudflare blocked, invalid token - Users won't be tricked into resetting credentials when it's just a rate limit - Follows existing error_type/error_code pattern
Author
Owner

@JazzyJosh commented on GitHub (May 10, 2026):

https://actualbudget.org/docs/contributing/ai-usage-policy/

<!-- gh-comment-id:4414098100 --> @JazzyJosh commented on GitHub (May 10, 2026): https://actualbudget.org/docs/contributing/ai-usage-policy/
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/actual#92828