A fix for AWS WAF Challenge Intermittently Blocking Sketchfab Embeds?

Distribution
,
1

I’ve already reported this to Sketchfab Support, but since I currently have no way to track the status of the ticket, I’m posting here as well to see if anyone from the community has experienced something similar.

AWS WAF Challenge Intermittently Blocking Sketchfab Embeds in Electron

We’re running a kiosk-style application built with Electron that uses the Sketchfab Viewer to display 3D models. We’ve encountered an issue where the Sketchfab embed intermittently fails to load and instead returns an AWS WAF bot challenge page.

What happens

Roughly 50% of the time, the Sketchfab iframe loads normally and displays the model. The other 50% of the time, the iframe returns an AWS WAF challenge page instead of the viewer.

The challenge script appears unable to complete successfully inside Electron and eventually fails with the message:

“Max challenge attempts exceeded. Please refresh the page to try again!”

When this happens, the application effectively becomes unusable because the viewer never loads.

Environment

Electron

  • Version: 30.0.6

Player hardware 1

  • OS: Ubuntu 24.04.2 LTS

  • Hardware: AOPEN DE6340-R2

  • CPU: AMD Ryzen Embedded R2314

  • GPU: AMD Radeon Vega Graphics (Mesa 24.2.8 / radeonsi)

Player hardware 2

  • OS: Ubuntu 18.04.2 LTS

  • Hardware: AOPEN DE6200

  • CPU/GPU: AMD Embedded RX-421BD Radeon R7

The Sketchfab embed URL is loaded inside an iframe within the Electron application.

What we’ve found so far

During our investigation we observed the following:

  1. The returned HTML contains an AWS WAF challenge page including window.gokuProps and a reference to a challenge.js script hosted on an AWS WAF token domain.

  2. The problem does not occur in a standard Chrome browser using the same network, same machine, and same Sketchfab embed URL. This seems to rule out network-level or IP-level blocking.

  3. The approximately 50% success/failure rate suggests this may not be a simple client-side incompatibility. If Electron itself were consistently being detected as a bot, we would expect close to a 100% failure rate. The intermittent nature makes us wonder whether different infrastructure nodes or WAF policies are behaving differently.

Questions

  • Has anyone else experienced AWS WAF challenge pages appearing in Sketchfab embeds running inside Electron?

  • Is running Sketchfab embeds in Electron officially supported, and are there any recommended configurations?

  • Has anyone found a workaround to prevent AWS WAF challenges from being triggered in this type of environment?

Any feedback, similar experiences, or suggestions would be greatly appreciated.

Thanks!