Fastly started forbidding domain fronting on October 24th, customers that were using Cloudflare with proxy enabled were affected as Fastly could not verify domain ownership for TLS certificates. This caused Fastly to throw a TLS validation error when trying to access these domains.
We got communications from Fastly in September telling us some domains were going to be affected. However, they mentioned we had until the TLS certificates expired on current domains to take action. After the incident we reached out to Fastly, and they also mentioned the report they sent us was incomplete, as it did not include information for the HTTP method, as requests not using the POST method could be affected. This miscommunication from Fastly side led us to believe we had more time before our application would be affected.
Going forward, we are double checking important dates with third party providers to make sure there are no misunderstandings and we don’t cause downtime for our customers.