How can I sign a preflight response created in a worker script with my responder URL?
I have a problem figuring out how to deal with preflight requests on a DNS which is registered using Cloudflare.
Here is my setup:
- I have a website (https://www.example.com/) which is hosted under http://myIPv4:80/.
- I’ve enabled flexible SSL using a page rule to redirect https://www.example.com/ to http://www.example.com/
- I’ve set up a DNS A record to proxy example.com to myIPv4
This setup works for me.
Now I want to access an API from my website (https://www.example.com/):
- I have an API which is hosted under http://myIPv4:8080/ and should be called by https://api.example.com/
- This API requires a preflight as it is hosting a ‘Content-Type’: ‘application/json’ API
I have tried to create an “A record” DNS entry which redirects this API to myIPv4 as well, in addition to a web worker which should handle the preflight request for CORS.
My problem is that I get a “Redirect is not allowed […]” since the responder of that message is the IPv4 of Cloudflare and not my https://api.example.com/ call.
Is there a way to hide my servers IP behind a Cloudflare DNS and handling preflight requests which do not redirect?
I am sure I left out important details, but as I am pretty new to Cloudflare and CORS, I would appreciate every follow-up question or suggestion on what I could try next.
Thanks for your read and I hope that you can help me!