We have the following three services running on K8S and proxied by Cloudflare (CF)
ui.examples.com, api1.examples.com, api2.examples.com
Highlevel setup is as below
(browser) <—tls—> (CF) <—tls—> (Digitalocen LB) <----tls----> (NginX Ingress) <-----> (ui.examples.com, api1.examples.com, api2.examples.com)K8S
Issue: Browser is not loading the site because of CORS issues
Finding: Cloudflare stripping off all CORS response headers
We have the same setup without CF (our dev env) and we can see that all the CORS headers are coming to the browser.
Community, Please let us know if there is any setting or how to fix it
I highly doubt that those headers are stripped unless something is specifically set up to do that, like a worker or an app.
Have you tried querying directly DO’s LB in the production environment?
Thats what I think aswell.
I tested my site via https://gf.dev/secure-headers-test and it showed just fine that all Headers I set are also there.
Would anyway recommend everyone to set all headers beside
I can only test that by taking my DNS out of cloudflare. right? or there is other ways
You can cURL the DigitalOcean Load Balancer directly without disabling Cloudflare or you can unproxy the record temporarily and check normally.
Thanks Matteo, Seems it was due to my faulty Nginx ingress controller.
Thanks you so much
This topic was automatically closed after 30 days. New replies are no longer allowed.