Crowdhandler · luke-owen-crowdhandler · Jun 11, 2026 · Jun 10, 2026
diff --git a/dist/originOverride.zip b/dist/originOverride.zip
diff --git a/dist/originResponse.zip b/dist/originResponse.zip
diff --git a/dist/viewerRequest.zip b/dist/viewerRequest.zip
diff --git a/dist/viewerResponse.zip b/dist/viewerResponse.zip
diff --git a/handlerViewerRequest.js b/handlerViewerRequest.js
@@ -245,8 +245,19 @@ module.exports.viewerRequest = async (event) => {
       break;
   }
 
-  // Normal healthy response
-  if (result.promoted !== 1 && result.status !== 2) {
+  // Throttle response (status 6) - treated as a server error, respect failTrust setting
+  if (result.status === 6 && failTrust === true) {
+    redirect = false;
+  } else if (result.status === 6) {
+    console.error("[CH] API throttle response (status 6) - redirecting to safety net");
+    redirect = true;
+    if (safetyNetSlug) {
+      redirectLocation = `https://${WREndpoint}/${safetyNetSlug}?url=${targetURL}&ch-code=${chCode}&ch-id=${result.token}&ch-public-key=${publicKey}`;
+    } else {
+      redirectLocation = `https://${WREndpoint}/?url=${targetURL}&ch-code=${chCode}&ch-id=${result.token}&ch-public-key=${publicKey}`;
+    }
+    // Normal healthy response
+  } else if (result.promoted !== 1 && result.status !== 2) {
     redirect = true;
     redirectLocation = `https://${WREndpoint}/${result.slug}?url=${targetURL}&ch-code=${chCode}&ch-id=${result.token}&ch-public-key=${publicKey}`;
     // 4xx client error - always redirect to safety net (ignore failTrust)

diff --git a/helpers/http.js b/helpers/http.js
@@ -22,7 +22,7 @@ const dummyResponseData = {
   },
 };
 
-// Client error response (4xx) - never triggers failTrust, always safety net
+// Client error response (4xx, excluding 429) - never triggers failTrust, always safety net
 const clientErrorResponseData = {
   result: {
     status: 2,
@@ -49,7 +49,11 @@ export const httpGET = function (options) {
   return new Promise(function (resolve, reject) {
     var req = https.request(options, function (res) {
       // reject on bad status
-      if (res.statusCode >= 400 && res.statusCode < 500) {
+      // 429 throttle is treated as a server error so failTrust is respected
+      if (res.statusCode === 429) {
+        console.error(`[CH] API 429: throttled`);
+        reject(JSON.stringify(dummyResponseData));
+      } else if (res.statusCode >= 400 && res.statusCode < 500) {
         console.error(`[CH] API 4xx: ${res.statusCode}`);
         reject(JSON.stringify(clientErrorResponseData));
       } else if (res.statusCode < 200 || res.statusCode >= 300) {
@@ -86,7 +90,11 @@ export const httpPOST = function (options, data) {
   return new Promise(function (resolve, reject) {
     var req = https.request(options, function (res) {
       // reject on bad status
-      if (res.statusCode >= 400 && res.statusCode < 500) {
+      // 429 throttle is treated as a server error so failTrust is respected
+      if (res.statusCode === 429) {
+        console.error(`[CH] API 429: throttled`);
+        reject(JSON.stringify(dummyResponseData));
+      } else if (res.statusCode >= 400 && res.statusCode < 500) {
         console.error(`[CH] API 4xx: ${res.statusCode}`);
         reject(JSON.stringify(clientErrorResponseData));
       } else if (res.statusCode < 200 || res.statusCode >= 300) {