CORS policy - Blocking outside access to API

I would like to know if through Cloudflare we can manage who can make requests to our API. Similar to setting CORS annotations but instead of setting them on the server I would like to do it through Cloudflare.

For example. can make requests to can make requests to
Anyone from the world cannot make requests to

Any tips and tricks are greatly appreciated! Thanks!

There isn’t a good way outside of CORS to block requests. CORS only works for browsers and is designed so that anyone visiting your site can access the resources, but people from other sites cannot. You could add a secret header to all the requests that are being made from your selected sites, but it would be trivial to get that header and make the requests. This is the issue with browsers accessing APIs: your API needs to be globally accessible unless you are limiting countries or are using authentication.

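The distinction drawn in the answer above, as an added example that is not part of the original thread: a request handler where the CORS allowlist only tells browsers which sites may read the response, while the access decision rests on a credential. The origin, token and function names are constructed for illustration.

```javascript
// Added example: constructed origin and token, not from the original thread.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // placeholder site
const API_TOKEN = "constructed-demo-token"; // stands in for a per-user session or signed token

// Compare two strings without exiting at the first differing character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

// CORS layer: echo the origin only when it is on the allowlist, never reflect it blindly.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Headers": "Authorization",
    "Vary": "Origin",
  };
}

function handleApiRequest(req) {
  const headers = corsHeaders(req.headers["origin"] || "");
  // Preflight sent by browsers before a cross-origin request carrying Authorization.
  if (req.method === "OPTIONS") return { status: 204, headers, body: "" };
  // Access decision: Origin is client-supplied outside a browser, so it is not
  // consulted here. Only the credential decides.
  const auth = req.headers["authorization"] || "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  if (!safeEqual(token, API_TOKEN)) return { status: 401, headers, body: "unauthorized" };
  return { status: 200, headers, body: JSON.stringify({ ok: true }) };
}

// Constructed requests covering the three cases the answer distinguishes.
function demo() {
  const good = "Bearer " + API_TOKEN;
  return {
    // Allowed site, valid credential: served, and a browser lets the page read it.
    allowedSite: handleApiRequest({ method: "GET",
      headers: { origin: "https://app.example.com", authorization: good } }),
    // Allowed Origin value but no credential: refused by the server.
    originOnly: handleApiRequest({ method: "GET",
      headers: { origin: "https://app.example.com" } }),
    // Other site with a valid credential: served, but without the CORS header a
    // browser will not expose the response to that site's script.
    otherSite: handleApiRequest({ method: "GET",
      headers: { origin: "https://other.example.net", authorization: good } }),
  };
}
console.log(demo());
```

The same split applies whether the handler runs on the origin server or at an edge proxy: the allowlist shapes browser behaviour, and the credential check is what refuses a request.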