CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested

I was getting CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested error when proxy mode on for my web site.

It works if I disable proxying. So it was not an issue on backend part.
When I was checking WAF events, it seems that my requests are blocked by Cloudflare OWASP Core Ruleset. It was getting score 65.

Solution:
I fixed the problem by creating a rule to skip some checks for the URL

Just wanted to share with community.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.