Our company has been having this issue for several weeks now and we’re unable to solve it.
Some of the requests that are being made by the browser to our servers are returning access-control-allow-origin error. This error triggers randomly, and on random users’ computers. It is somewhat reproducible but it does not happen every time.
For example, it will make a request to the same end point, and one request will come back valid while the other request will come back with a CORS issue. This makes us certain that it is a cloudflare issue and not a server issue, since it works one second and the next it does not.
Here is what it looks like in console:
Now, here is two requests, the first one had no access-control-origin header set and therefore, it failed:
And then the second, which did have the header set and succeeded.
These two requests were made at the same exact time, yet one is correct and the other is not.
Anyways, can anyone point me in the right direction as to why cloudflare is dropping/stripping the access-control-origin header?