Strange POST request when XHR requests are made

Today I noticed a strange request that I had never noticed when my web app made an XHR request for my domain.

When I make a GET or POST request to my backend, e.g. https://example.com/index.php/status

Another POST request is made to https://example.com/cdn-cgi/rum?req_id=99999999, this request return code 200.

If I access the URL directly, this page displays the text “” 405 Not Allowed - cloudflare “”

What is that? What is the purpose of this request? Is it really made for Cloudfare?

Captura de Tela 2021-05-19 às 13.43.48

Seems like your origin server does not allow this kind of method.

To fix this, make sure your origin server triggers/provides the allow header for this type of method.

An example would be a POST on an unchangeable resource the thus only accepts GET.

The error code is only displayed if I access the URL directly.
When the request is made via XHR, the return code is 200.

What happens if you try the very same URL but with CloudFlare beeing paused of bypassed?

cdn-cgi is an automatic folder created by Cloudflare.

If you use things like Bot Javacript Detections or some other features then Cloudflare will add that. The post never reaches your server.

RUM is real user measurement, which is Cloudflare Browser Insights.