The source resource and cors is set to *any, but it does not take effect in cdn

能在cloudflare CDN 给代理dns设置access-control-allow-origin: * 吗?

The below knowledgebase article outlines how CORS work with Cloudflare, have a read, implement and let us know if you have issues thereafter.

Give us as much info as you can if you still have issues after taking into consideration the below article.

3 Likes

I added the Origin header to the source resource server according to the instructions of the document, but in fact cloudflare cdn did not get the header when reading the resource service area file. I used google cloud storage and I have followed his requirements. The cors is set, the dns is set, and the cname proxy is to c.storage.googleapis.com

Source file (correct and cross-domain)
https://storage.googleapis.com/assets-dev.tripmoment.com/uploads/keith/u8189/2021/05/31/3aace970b55615d4a645e98cffaf423c.jpg’

cloudflare cdn proxy (cannot cross domain)
https://assets-dev.tripmoment.com/uploads/keith/u8189/2021/05/31/3aace970b55615d4a645e98cffaf423c.jpg’

So I don’t know how to set it correctly. It can proceed as expected according to the header set by the source resource server

Working fine with me! Try clearing your browser cache, use other browser or private windows / tab to test!

Do you also use google storage? I set cors as follows according to google documentation.
My configuration

[
    {
      "origin": ["*"],
      "responseHeader": ["Content-Type"],
      "method": ["GET","POST", "HEAD", "DELETE", "OPTIONS"],
      "maxAgeSeconds": 3600
    }
]

Mine is not working, cross-domain resources return 403.
Can cloudflare set the header of cors separately.


Here my Chrome as a not logged in visitor, and as my free plan my best choice is disable Hotlink Protection on Scrape Shield section.

I don’t quite understand, but I turned off chrome cache

Does you tried deleting that domain cookie? I also have some issues look like your even i wipe my domain cookies or use another browsers. Clearing browser cache doesn’t help until cookies wiped. But your issues seem not on CF side as all of my browsers fetching your assets without any problems.

Was rejected by the same-origin policy