Tunnel CORS failure with r2 presigned url

I am getting a CORS error using a Cloudflare tunnel-hosted application to upload to an r2 bucket.

The web application creates a pre-signed url to upload a file to r2 bucket. This bucket has a cors policy set that includes both the localhost:3000 and the hostname origin for the application (i.e. https://app.example.com).

The upload works fine (i.e. upload to r2) when running the application from localhost.

When running on server accessed via a cloudflared routed hostname (i.e. https://app.example.com), the upload fails with a cors access-control-allow-origina error (below). In the requests I can see this domain in the ‘origin’ header, but the response does not have any cors headers like from localhost.

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Any ideas on how to resolve this issue?