Redirect loop when using Access App Launcher

After setting up Access and going to the team page, when clicking the “SQL Admin” application I get sent into a constant redirect loop. Going directly to the .domain.com works, but not when going through the App Launcher.

I found this user who had the same problem but fixed it by changing SSL-policy from Off to Flexible, but I already have it on Full…

The app is behind Tunnel and works perfect without Access enabled… The loop is:

  1. .domain.com → https://.cloudflareaccess.com/cdn-cgi/access/login
  2. https://.cloudflareaccess.com/cdn-cgi/access/login → https://.domain.com/cdn-cgi/access/authorized
  3. https://.domain.com/cdn-cgi/access/authorized → .domain.com

And then the loop begins all over again 7-8 times before the browser kills it. Considering how it sends to /authorized I would assume there is no log in error, especially as going to the domain manually works, it is only through the App Launcher the problem occurs. Occasionally I also get 500 Internal Server Error with 0 bytes response without it even hitting the nginx server. Anyone else experienced anything similar?

It sounds similar to this thread, where we never could track down exactly what was happening. I suspect there was some mismatch between the login URL that triggered Access, and the final URL of the protected area. Or some cookie issue due how the user landed in the protected area. They never did share the actual URLs and I don’t know if they ever contacted Support.