How to perform js_challenge on cross domain requests

I have two domain, with domain A as the main site and calling the API of domain B through cross domain requests. Now, I need to set rules for domain B in Cloudflare. To prevent attacks, I need to perform js_challenge on specific URL requests for domain B. Can I do this? After my simple testing, I found that accessing through domain A cannot complete human-machine verification

The challenge page does not return headers to allow cross-origin requests so it can’t be done. If the API domain is challenging, I’m not sure how you could pass it anyway since the challenge page won’t show to the user.

Since both domains are under your control, can you make the API request to domain A and make a sub-request to domain B through your origin server (or use a worker)?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.