Skip to content

Highcharts CDN blocks requests with .ru domain in referer header #341

New issue
New issue
Open
Open
Highcharts CDN blocks requests with .ru domain in referer header#341
Assignees
goshander
Labels
enhancementNew feature or request
@inxhale777

Description

@inxhale777
inxhale777
opened on Jul 3, 2025

Highcharts CDN blocks requests with .ru domain in referer header

Description

The official Highcharts CDN (code.highcharts.com) blocks requests when the Referer header contains a .ru domain, returning a 403 Forbidden error with a "Sorry, you have been blocked" message.

Steps to Reproduce

  1. Make a request to any Highcharts resource with a .ru domain in the referrer header:
curl 'https://code.highcharts.com/8.2.2/modules/funnel.js' \
  -H 'accept: */*' \
  -H 'accept-language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,da;q=0.6' \
  -H 'cache-control: no-cache' \
  -H 'pragma: no-cache' \
  -H 'priority: u=1' \
  -H 'referer: https://example.ru' \
  -H 'sec-ch-ua: "Google Chrome";v="137", "Chromium";v="137", "Not/A)Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: script' \
  -H 'sec-fetch-mode: no-cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
  1. The response will be:
<h1 data-translate="block_headline">Sorry, you have been blocked</h1>

Expected Behavior

Highcharts resources should be loaded successfully regardless of the referrer domain.

Actual Behavior

Requests with .ru domains in the referrer header are blocked with a 403 error.

Impact

This affects all Datalens installations hosted on .ru domains, making charts functionality unavailable.

Proposed Solution

Use the HC_ENDPOINT environment variable for datalens-ui container to specify an alternative CDN:

HC_ENDPOINT: "cdnjs.cloudflare.com/ajax/libs/highcharts"

This workaround uses Cloudflare's CDN which doesn't have geographical restrictions based on the referrer header.

Additional Context

  • This appears to be a geographical restriction implemented by Highcharts CDN
  • The issue affects any service hosted on .ru domains trying to load Highcharts resources
  • The Cloudflare CDN hosts the same Highcharts versions without restrictions

Environment

  • Highcharts version: 8.2.2 (affects all versions)
  • Browser: Any
  • OS: Any

Workaround

Until this is resolved at the library level, users can:

  1. Set the HC_ENDPOINT environment variable to use an alternative CDN
  2. Self-host Highcharts files
  3. Use a proxy to fetch Highcharts resources

Note: This is a critical issue for users in certain regions and should be addressed either by:

  • Documenting the HC_ENDPOINT variable usage in the official documentation
  • Implementing automatic fallback to alternative CDNs
  • Making the geographical restriction handling more transparent

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions