I have a cloudflared tunnel exposing a HTTP API…
I have created a Cloudflare Zero Trust - Application - Self Hosted
- Service Auth using a Service Token
- No CORS
- I have selected “Enable automatic cloudflared authentication”
I can send a request to my API setting the CF-Access headers…
- CF-Access-Client-Id
- CF-Access-Client-Secret
I successfully receive a response from my API… and receive a Set-Cookie from Cloudflare (CF_Authorization).
For my next request… I disable the two headers (CF-Access-Client-Id, CF-Access-Client-Secret) and create a CF_Authorization header with the value of the JWT received in the Cookie.
I receive a “Cloudflare Access Error”… my origin receives no request.
I have tried every setting possible, I have read everything on the internet… I cannot seem to find a solution…