Our company has been having this issue for several weeks now and we’re unable to solve it.
Some of the requests that are being made by the browser to our servers are returning access-control-allow-origin error. This error triggers randomly, and on random users’ computers. It is somewhat reproducible but it does not happen every time.
For example, it will make a request to the same end point, and one request will come back valid while the other request will come back with a CORS issue. This makes us certain that it is a cloudflare issue and not a server issue, since it works one second and the next it does not.
Unfortunately, that isn’t the full issue. If you look at the console errors in the very first screenshot, there are CORS errors triggering on the following domains:
Gstatic as you are probably aware is a google’s own domain/CDN.
trackjs is a javascript error logging software we use.
If for some reason our server was erroring 502 only on our API end points, it would be one thing. But in the first screenshot, it errored it on 2 separate services, one of them controlled by google.