I’m trying out Cloudflare Rate Limiting, which is perfectly suited to protect my API. However, my API is accessed in a browser on several different domains.
It would be great it there was a switch in the Dashboard to enable CORs for Cloudflare Error Pages.
P.S. a support engineer had a good idea of using a Cloudflare Worker for this to add the header. However, it looks like Rate Limiting sits in front of Workers, so if the request is Rate Limited, the request will never reach my Worker so the header cannot be added.