I want to access https://api.qrlpool.org from https://qrlpool.org.
When not in Under Attack Mode, it worked fine.
But after enabling Under Attack Mode, the “access-control-allow-origin: https://qrlpool.org” was not returned from cloudflare.
I wonder why and how to sole this issue.
Request URL: https://api.qrlpool.org/pool/stats
When I request from website directly, it does return the correct header.
$ curl --resolve api.qrlpool.org:443:... https://api.qrlpool.org/pool/stats -svo /dev/null --header “Origin: https://qrlpool.org”
GET /pool/stats HTTP/1.1