Server responding with 403 strict-origin-when-cross-origin when proxy on

david.k1010 · July 17, 2023, 10:56pm

We are using Cloudflare with our PHP web app. We almost had things working until we found that one section of our php code is calling another section of our php which queries the db. This results in 403 status with the Referrer Policy being strict-origin-when-cross-origin.

When turning off the proxy and setting the A record to DNS only, this code works properly. I believe this may be an issue with the headers being sent. Has anyone ever dealt with this?

I have tried updating my httpd.conf file to enable CORS but that didn’t work.

camillodanilo · July 27, 2023, 3:00pm

Hello David, I am not a Cloudflare employee but have a lot of CDN experience. Yes, that looks like a CORS issue. Did you check if you have done your CORS configuration with “Header always set” ?
Example:

Header always set Access-Control-Allow-Origin "*"

Most of the times the issue is with the type of the action your are using to set your CORS, like set, add, always set, etc…

system · August 11, 2023, 3:00pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.