Access-Control-Allow-Origin headers stripped

For some reason cloudflare seems to be stripping access-control-allow-origin headers. We tried using wildcard host to get the header to appear yet it still does not, however other CORS headers do show up. We turned off cloudflare and it immediately starts working. What are we supposed to do? I don’t see any option to contact the cloudflare team to get this rectified.

Maybe https://support.cloudflare.com/hc/en-us/articles/200308847-Using-cross-origin-resource-sharing-CORS-with-Cloudflare would help. At bottom of page there’s a button to submit a request to Cloudflare tech support if you want too.

Adding or changing CORS headers

If you add or change CORS configuration at your origin web server, purging the Cloudflare cache by URL does not update the CORS headers. Force Cloudflare to retrieve the new CORS headers via one of the following options:

  • Change the filename or URL to bypass cache to instruct Cloudflare to retrieve the latest CORS headers.
  • Use the single-file purge API to specify the appropriate CORS headers along with the purge request.
  • Update the resource’s last-modified time at your origin web server. Then, complete a full purge to retrieve the latest version of your assets including updated CORS headers.

Thanks I’ve contacted their support off that page because the full purge didn’t seem to help.