'Access-Control-Allow-Origin' missing from Response Header when request via cloudflare

Hello, I’m using Cloudflare to proxy my server IP. When I access my web app via DNS, the ‘Access-Control-Allow-Origin’ is missing from Response Header, hence it causes CORS error.

However, when I access my web app directly via its IP, the server returns ‘Access-Control-Allow-Origin’ in header, hence no CORS error.

curl --dump-header - -o /dev/null --silent -H "Origin: http://cassava.nutjane.me" http://cassava.nutjane.me:8080/hi

HTTP/1.1 200 OK
Date: Mon, 24 Oct 2022 08:29:36 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oagEfEUq7WScuoQ3revgithtnvyJAMt6LBCD%2FarhZhESebF1EgJxTGXNHEutaKVDsS4M5GXg6mrHAAIP6B1ac2%2BrRqnct5oVEtyQ7Nr0g1d1ul8Po2CCCHVBcaWBvvs2F5TE7wrF0x8Dw3rfUYg%2FkjGDVm%2Ba7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75f1587b2dee4a65-SIN
curl --dump-header - -o /dev/null --silent -H "Origin: http://cassava.nutjane.me" http://104.197.239.139:8080/hi
HTTP/1.1 200 
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: http://cassava.nutjane.me
Access-Control-Expose-Headers: Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Max-Age, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 24 Oct 2022 08:30:46 GMT

This is a screenshot when I access via proxied domain

This is a screenshot when I access directly IP address.

Thank you!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.