iOS Calendar subscription fails with verification failed error on Vercel hosted .ics feed

Help
, , , ,
1

Overview

I’m hosting a Next.js / FastAPI project on Vercel that provides a dynamic iCalendar (.ics) feed for users to subscribe to. The feed works perfectly on every platform except the native iOS Calendar app, which throws a “Verification failed” error.

Environment

  • Framework: Next.js with FastAPI backend
  • Domain: www.gocutit.com
  • Endpoint: /api/sync/calendar/[user].ics
  • Vercel Plan: Hobby

What Works :white_check_mark:

  • Google Calendar subscription — works perfectly
  • Microsoft Outlook subscription — works perfectly
  • Direct browser access — returns 200 OK, downloads valid .ics file
  • The .ics file is fully RFC 5545 compliant with correct text/calendar Content-Type

What Fails :cross_mark:

  • iOS native Calendar app (Settings → Calendar → Accounts → Add Subscribed Calendar)
  • Error message:

Error: Verification failed

  • The iOS Calendar uses the dataaccessd user-agent for these requests

Troubleshooting Completed

  1. Disabled Deployment Protection via OPTIONS Allowlist for the /api/sync/calendar path
  2. Added CORS headers in vercel.json:
    • Access-Control-Allow-Origin: *
    • Access-Control-Allow-Methods: GET, OPTIONS, HEAD
  3. Tested with a static file: Placed a hardcoded test.ics file in the /public folder — same “Verification failed” error on iOS
  4. Firewall Configuration:
    • Created a custom bypass rule for path /api/sync/calendar — Rule is Active
    • Bot Protection: Disabled
    • Attack Challenge Mode: Disabled
    • Bypass rule is positioned above all other rules
  5. Verified Deployment Protection is not the issue — accessing the URL in an incognito browser successfully downloads the .ics file

Key Finding :magnifying_glass_tilted_left:

When attempting to subscribe from iOS Calendar, no requests appear in Vercel logs at all. This indicates the requests are being blocked or dropped at Vercel’s Edge layer before reaching the application.

This happens even though:

  • All protections are disabled
  • Custom bypass rules are in place
  • The endpoint is fully public and accessible from all other clients

Theory

It appears Vercel’s Edge network is specifically blocking or dropping connections from Apple’s dataaccessd user-agent, possibly due to:

  • TLS/SSL handshake handling specific to iOS
  • Some undocumented bot filtering at the Edge layer
  • The way iOS Calendar probes/validates URLs before subscribing

Request

Has anyone successfully hosted an .ics calendar subscription feed on Vercel that works with the native iOS Calendar app? Is there a known workaround or configuration required to allow the dataaccessd user-agent through Vercel’s Edge network?

Any help would be greatly appreciated!