CORS blocking access to Cloudflare API

When I send a GET request to https://api.cloudflare.com/client/v4/user/tokens/verify using jQuery or vanilla JavaScript they are blocked by CORS:

Cross-Origin Request Blocked: 
The Same Origin Policy disallows reading the remote resource at https://api.cloudflare.com/client/v4/user/tokens/verify. 
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

Is it possible to connect to the API using XHR?

I am passing a Authorization: Bearer <token> header in the request. Do I require another header?

No, not directly. You could create a CORS proxy using Workers though:
https://developers.cloudflare.com/workers/examples/cors-header-proxy

Thanks @albert that is what I suspected.

In this case I am thinking of using our own CORS proxy rather than the Cloudflare Workers, especially as we could still lock down the Cloudflare API by IP address.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.