CORS headers not returned correctly when my domain is proxied - SOLVED!

When my domain is proxied, I am getting CORS errors.

Access to fetch at 'xxx' from origin 'yyy' 
has been blocked by CORS policy: Response to preflight request doesn't pass access 
control check: No 'Access-Control-Allow-Origin' header is present on the requested 
resource. If an opaque response serves your needs, set the request's mode to 'no-cors' 
to fetch the resource with CORS disabled.

When I use DNS only it works fine.

Doing a curl request seems to return status 444 from nginx on my server. I am not sure why.

Could this be because of HTTP2? Can I force usage of HTTP 1.1 using cloudflare?

The Cloudflare cache essentially passes through CORS headers, and the cache is shared on the Origin HTTP request header.

Can you share the cURL command you are using, or give an example URL that demonstrates the issue?

Do you get the 444 when the site is :orange: or :grey:?

Force from User-Cloudflare, or Cloudflare-Origin?

On paid plans you can disable H/2 to the user on the Network tab of the dashboard. You cannot disable H/2 on free plans. H/2 support to the origin seems to be in testing at the moment.

Do you have some kind of WAF in your Nginx Origin?

Do you get the 444 when the site is :orange: or :grey:?

When site is proxied. Everything works fine when I use DNS only.

Force from User-Cloudflare, or Cloudflare-Origin?

Cloudflare-Origin. I suspect nginx is returning 444 because of HTTP/2.
Without Cloudlfare proxy, nginx seems to using HTTP 1.1 (direct curl).

Do you have some kind of WAF in your Nginx Origin?

Do you mean Web Application Firewall? Just learned about it. Nope!

I downgraded my Origin to just use http rather than https and the problem went away!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.