I’ve logged a support ticket about this 6 days ago to which I received an initial reply, but no further follow-up.
So I’m posting the issue here as well in the hopes it might ring familiar to someone.
A resource hosted on Azure storage
https://hcdaikineventsapp.blob.core.windows.net/cdn/hc/favicon/site.webmanifest needs to be fetched from a website on another domain, i.e.: this is a CORS request.
This works fine when using this direct link.
Cloudflare is used as the CDN that sits in front of the Azure resource, and as such the corresponding URL becomes
Doing the exact same request using this URL, a CORS error is thrown saying there is no
Access-Control-Allow-Origin header in the response, and indeed, it’s not there.
This is the response when using the direct link.
Request URL: https://hcdaikineventsapp.blob.core.windows.net/cdn/hc/favicon/site.webmanifest Request Method: GET Status Code: 200 OK (from disk cache) Remote Address: 127.0.0.1:7769 Referrer Policy: strict-origin-when-cross-origin HTTP/1.1 200 OK Content-Length: 458 Content-Type: text/plain; charset=utf-8 Content-MD5: UzIU2+Bt6NjqWFDUJzThfw== Last-Modified: Sat, 31 Oct 2020 06:33:20 GMT ETag: 0x8D87D66DBE01D2D Vary: Origin Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: e39362cc-401e-004f-0177-9abd78000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: https://cdpn.io Access-Control-Allow-Credentials: true Date: Thu, 26 Aug 2021 12:37:22 GMT Referer: https://cdpn.io/ sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36