Here’s my setup:
- web pages at /dashboard/…
- some POST ajax endpoints at /dashboard/ajax/…
Everything with prefix /dashboard/ is protected by Zero Trust’s applications (e.g., a specific email has to login).
If we stay on a /dashboard/ web page for a long time (e.g., editing a long blog post), then POST ajax endpoints will be redirected to a url like
...cloudflareaccess.com/cdn-cgi/access/login/..., thus ajax requests would fail due to CORS errors. To my understanding, such redirection is to refresh jwt token (i.e., sending GET request to
Is there a way to proactively refresh jwt token?