When you visit a site that points to <site>.pages.dev via CNAME, and <site>.pages.dev (not *.<site>.pages.dev) is protected by Cloudflare Access, an error occurs that the page /cdn-cgi/access/authorized?nonce=...&state=... is not found.
Expected behavior:
- The site will request access rights by redirecting to
<team>.cloudflareaccess.com. - After confirming access rights, the user should be redirected to the page
original.website/cdn-cgi/access/authorized, and then be redirected to the original page and it should load as usual.
Actual behavior:
- The site requests access rights by redirecting to
<team>.cloudflareaccess.com - After confirming access rights, the user is redirected to the original website, to the page
/cdn-cgi/access/authorized?nonce=...&state=... - The server responds with a 404 not found error.
How to reproduce:
- Create a website on Cloudflare Pages.
- Set custom domain in the website settings on Pages.
- In the website settings on Pages, create an access policy.
- Go to one.dash.cloudflare.com use the appropriate button and remove * from the subdomain settings for this access application. The application should be on
<site>.pages.dev, not on*.<site>.pages.dev. - If you go to
<site>.pages.devand confirm the access rights, everything will work fine. But if you refer to the domain that you set in step 2, you will get a 404 not found error.
