Users blocked with CORS error

I enabled Cloudflare Web Application Firewall (WAF), and that went well for the majority of the users, but a few users are getting 403 on the API calls using Chrome(which works fine for Safari/Brave). I tried to replicate it on the staging environment but had no success, even the user that got a 403 error can access staging.

Do you have any idea what can be it? Could it be some configuration on Chrome?

You can follow our detailed guide below on dealing with false positives:

Cloudflare Docs

Handle false positives · Cloudflare Web Application Firewall (WAF) docs

From the screenshot you provided we can see cf-mitigated: challenge and a rayID: 87658764ccf836be

You can search by rayID or other fields such as user agent in your security events to see what rule is taking affect and adjust your WAF you have implemented.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.