API calls (PUT and POST) being blocked by CORS policy


I have a site where there are API calls being made to the backend. The PUTs and POSTs are being blocked a CORS policy. The message that Im seeing on the browser console is: Access to XMLHttpRequest at ‘{api-url}’ from origin ‘{site-url}’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I tried putting in an '‘Access-Control-Allow-Origin’ entry on my nginx configuration file and running the application again tells me that ‘‘Access-Control-Allow-Origin’’ already exists with my site name and cannot have multiple entries for ‘‘Access-Control-Allow-Origin’’.

I also followed the steps outlined in https://enable-cors.org/server_nginx.html. This also didnt fix the issue.

However, presently i have configured my site (I have a Pro account) for just ‘DNS Only’ and the site is working as expected. Im attaching screenshot of Firewall overview dashboard. Also I see an article https://developers.cloudflare.com/access/setting-up-access/cors/. If I need to follow this, where shouldi be going to make the changes that its suggesting?

Any help on direction will be appreciated. Thank you

This topic was automatically closed after 30 days. New replies are no longer allowed.