Access-Control-Allow-Origin on Cloudflare Error Pages


Hi there,

I’m trying out Cloudflare Rate Limiting, which is perfectly suited to protect my API. However, my API is accessed in a browser on several different domains.

When Rate Limiting kicks in, Cloudflare shows my custom 429 error page, but doesn’t include a Access-Control-Allow-Origin * header, so Javascript won’t be able to read the response (or status code) of that page.

It would be great it there was a switch in the Dashboard to enable CORs for Cloudflare Error Pages.

P.S. a support engineer had a good idea of using a Cloudflare Worker for this to add the header. However, it looks like Rate Limiting sits in front of Workers, so if the request is Rate Limited, the request will never reach my Worker so the header cannot be added.