Hello,

Our company has been having this issue for several weeks now and we’re unable to solve it.

Some of the requests that are being made by the browser to our servers are returning access-control-allow-origin error. This error triggers randomly, and on random users’ computers. It is somewhat reproducible but it does not happen every time.

For example, it will make a request to the same end point, and one request will come back valid while the other request will come back with a CORS issue. This makes us certain that it is a cloudflare issue and not a server issue, since it works one second and the next it does not.

Here is what it looks like in console:

2878×1664 547 KB

Now, here is two requests, the first one had no access-control-origin header set and therefore, it failed:

And then the second, which did have the header set and succeeded.

These two requests were made at the same exact time, yet one is correct and the other is not.

Anyways, can anyone point me in the right direction as to why cloudflare is dropping/stripping the access-control-origin header?

Thank you

It looks like the first request has a 502 status code. That issue needs to be resolved, rather than trying to get CORS headers on error pages!

Hello Michael,

Unfortunately, that isn’t the full issue. If you look at the console errors in the very first screenshot, there are CORS errors triggering on the following domains:

trackjs and gstatic.com

Gstatic as you are probably aware is a google’s own domain/CDN.
trackjs is a javascript error logging software we use.

If for some reason our server was erroring 502 only on our API end points, it would be one thing. But in the first screenshot, it errored it on 2 separate services, one of them controlled by google.

Thank you

This topic was automatically closed after 14 days. New replies are no longer allowed.