Cloudflare Browser Insights CORS Policy Issue

Hi,

I hope you are doing well! A little background: we added some security headers to our .htaccess file and then the https://cloudflareinsights.com/cdn-cgi/rum was no longer working. We would get an Access to resource at 'https://cloudflareinsights.com/cdn-cgi/rum' from origin '[https://www.tips4gamers.com](https://www.tips4gamers.com/)' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. error. So I deleted the security rules and created the worker Cloudflare has provided - https://developers.cloudflare.com/workers/examples/security-headers - and I changed a few things to it. I wish I found that information before adding anything to my .htaccess file.

This error was only present on three pages. I then added the Insights code manually right before the </body> tag and the issue was still there but present on every page now. Then, I followed the instructions here - My SiteGround Account - to no prevail. I do not like to add the wildcard (*) because of security reasons but I needed to try it out.

Then, I contacted SiteGround for them to guide me to implement the unordered list item #3 via - Using cross-origin resource sharing (CORS) with Cloudflare – Cloudflare Help Center. They said it was too advanced in development so they recommend that I hire a developer or contact you guys to see if there is anything else I can do.

I would like to Use the single-file purge API to specify the appropriate CORS headers along with the purge request. but that is beyond what I know how to do. If I could figure that out it would be cake. I would like to know how to run those API calls for future use, however.

What else could I do to fix this issue?

Thanks and regards,

Josh

Hello!, you might be experiencing this problem : https://developers.cloudflare.com/analytics/faq#when-i-add-the-beacon-to-my-website-and-load-the-webpage-i-see-an-error-that-includes-is-not-allowed-by-access-controll-allow-origin-cors-whats-happening
please let us know if that is not the case. Thanks.

1 Like

Ahh, okay, thank you for that! Wish I found that article before.

You may also see this error if the site does not send a “Referer” or “Origin” header. The “Referer” header is required (don’t try to use the “Referrer-policy” header instead). We have a change in-flight now that only the “Origin” header will be required – we believe there is no way to disable that in the browser.

I set a "Referrer-Policy": "strict-origin-when-cross-origin", in the Cloudflare worker and this was for hardening some security on our site since the referer has some vulnerabilities.

I deactivated the Browser Insights and removed the code but that issue is still presenting itself even though I was in incognito mode and disabled the cache. It’s almost as if Browser Insights doesn’t want to part ways.