Simple Cloudflare for SaaS Setup

I have a worker on account A (our account)

My goal is very simple:

I want OTHER cloudflare accounts, as well as zones in my SAME account, to be able to point a CNAME on some domain to my worker.

That’s it. For example:

Account A -> my worker -> my worker

And also client accounts:

Account B -> my worker

Normally this causes “Cross-domain banned” errors, so I enabled “Cloudflare for SAAS” on a domain in account A.

I chose an arbitrary domain on our account…

I have tried several different setups and I cannot get this to work. Heres the most recent thing I tried:

Account A
AAAA    100::

The part where I’m confused is creating a “fallback”. The 2 options here Workers as your fallback origin · Cloudflare for Platforms docs

just make the worker WAY too permissive. I dont want the worker activated on anything other than… and ideally, other account zones merely point to that subdomain and it “just works”

When I set it to */* its too pervasive… it literally runs on EVERY subdomain… but this is what the docs say to use.

How do I literally just let people point subdomains to a worker? without messing up everything else on the same domain

To add to this, if I use this as the worker route (instead of the */* that it suggests):*

And then i add to a custom hostname, and set to to HTTP validation. I can see both are active/successful for the 2 validations…

Then if the customer with a separate account points to

Instead of getting the worker, it gets a 522 error

Sorry for all the replies… lol. I can’t edit my posts.

I forgot to mention this is in the SAME account I get a 522 error. I need to point domains from both my account and other client cloudflare accounts to this same cname. it seems external accounts work in some configurations, but not domains/zones in the same account, those are the ones that get 522