After troubleshooting errors like this for hours:
GET https://www.site.com/wp-admin/admin-ajax.php?_wpnonce=aafa0b8338&action=coauthors_ajax_suggest&post_type=post&q=user1&existing_authors=user66 403
I finally discovered that all errors go away if I whitelist the user’s ip on CF’s firewall.
I already tried using a Page Rule, and that didn’t work.
*site.com/wp-json/* Disable security Cache bypass Disable performance