I have currently just enabled the rate limiting feature in the firewall section. I am using this on an API. When the user exceeds the number of requests, it correctly sends the 429 error but has a strict-origin-when-cross-origin policy and my web app cannot read this response. Is there any way to change the CORS policy when returning rate limit exceeded?
It could be possible with the use of Cloudflare Workers (check if the response code is 429, then add new headers or modify the response), but I can’t guarantee that it works.
We just tested this and it looks like the rate limiting happens before it hits the Workers. So unfortunately that wouldn’t work for this scenario.
Thanks for testing this scenario.
Sorry, my answer was marked as a solution but using Workers does not fix this. We are experiencing the exact same issue (CORS errors on the 429 response) and need a good way to solve this. Having the ability to add headers to the custom response that the rate limiting sends would solve this.
I’m not sure who marked the solution, so I unmarked it.