I’m getting started with Cloudflare Pages to host simple static files.
I created a Pages project and deployed a single
.txt file and a
_headers file to it.
The content of the
_headers file is as follows
.txt file is served as expected, with both HTTP headers from the
_headers file sent with it. However Pages is also sending an
Access-Control-Allow-Origin: * header with every response.
As I understand from the Pages docs, one’d have to explicitly set said header in the
_headers file for it to appear in the reponse:
To enable other domains to fetch every asset from your Pages project, the following can be added to the
This applies the
Access-Control-Allow-Origin header to any incoming URL.
Headers · Cloudflare Pages docs
Is this a bug? Is there a way to remove the
Access-Control-Allow-Origin header from the responses?
You can remove it with the _headers file like so:
Hey! Sorry for the delay (topic was hidden temporarily) and thank you for the response.
I tried as you suggested but I didn’t work, it seems it broke the
_headers file, as it continued to send the
Access-Control-Allow-Origin header and stopped sending the other headers. Maybe I did something wrong in the process
What I done for now was create a Transform Rule on the dashboard to remove the header, but ideally the header shouldn’t be sent at all.
If you can send your _headers I can take a look at what may have gone wrong.
It seems it had stopped working altogether because I had put it in the wrong folder. I’m using direct uploads and the ZIP structure was as follows
I tried now with all files at the zip root and the headers were sent again. Including the
_headers file is as follows:
I don’t know if I did something wrong while trying to remove the
Access-Control-Allow-Origin header or if Cloudflare changed something in their end since this topic, but it seems prepending the header directive with
! to remove a header is now working as intended.
I also noticed there’s now a “Detach a header” section in the docs.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.