A bug in CloudFlare Access

Hey, I was told this is a good place to report bugs - and I think I might’ve found one, so here is my report. :wink:

I have a page (in Cloudflare Pages) secured with Cloudflare Access. I’ve created a Service Auth token and added appropriate policy to let me authenticate using http headers rather than email & code.

I also have a custom domain enabled in Pages for that app, and when I make a request to the custom address, Cloudflare Access is losing the headers while redirecting. However, when I make a direct request to the *.pages.dev address it works fine. Both have identical configuration as separate apps.

It seems however, when I navigate to the DNS configuration and edit the CNAME record disabling Proxy option, it will start working just fine and authenticate me with client id & client secret sent in the headers.
As this spans between multiple products features I’m not sure where to pinpoint this, but I believe this might be a bug?