CORS header ‘Access-Control-Allow-Origin’ missing

What is the name of the domain?

What is the error number?

525

What is the error message?

CORS header ‘Access-Control-Allow-Origin’ missing

What is the issue you’re encountering

Getting 525 CORS error (Reason: CORS header ‘Access-Control-Allow-Origin’ missing) when trying to reach backend

What steps have you taken to resolve the issue?

Looked up all things related to Cloudflare, CORS header ‘Access-Control-Allow-Origin’ missing, and CORS Middleware for my FastAPI backend.

I ensured that my backend is

What is the current SSL/TLS setting?

Full

Screenshot of the error

Was getting errors when trying to post with full description, so I have added it here instead:

Looked up all things related to Cloudflare, CORS header ‘Access-Control-Allow-Origin’ missing, and CORS Middleware for my FastAPI backend.

My frontend, registered to the playlistmoodevaluator.com domain on Cloudflare, routes to a React CRA-based app hosted on Render.
My backend, registered to the api.playlistmoodevaluator.com subdomain on Cloudflare, routes to a FastAPI python backend hosted on Fly.io.

I ensured that my backend is configured to accept requests from my frontend, like so:

origins = [
    "https://playlistmoodevaluator.com",
    "https://www.playlistmoodevaluator.com",
]

app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

As you can see in the screenshot attached below, this exact origin (https://playlistmoodevaluator.com), is expected by my backend’s Middleware and should be accepted.
This process was working until I registered my domain with Cloudflare and started routing my traffic through my new domain.

When Cloudflare SSL settings are set to “Strict” or “Strict (Full)”, this requires that all domains have an SSL cert.

My backend API did not have an SSL cert configured, so Cloudflare was rejecting traffic to this subdomain.

As soon as I installed the SSL cert on my backend hosting service (Fly.io) and registered my subdomain, the app started working flawless.

Make sure you have certs for both your backend and frontend if you’re using Full/Full (Strict)!!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.