Hi! I have an API in NodeJS and Express which I access from my frontend that I have in Cloudflare Pages, I already have CORS configured with:
app.use(cors()); and it works fine.
The problem is that when I add my API to Cloudflare (Proxied) and configure WAF rules to only allow access to my API from the frontend in Cloudflare Pages, I get the following error in the console and it does not allow me to make my POST requests:
My API is on
and I added the custom Domain with Clouflare, I must clarify that if I disable the blocking WAF rule, my API works perfect, so I assume it is misconfigured.
This is my WAF rule to block all requests except my frontend on Cloudflare Pages:
(I can’t add more images please look at imgur)
And this is my rule that I want to Bypass if the URL matches and if it is done from my Cloudflare Pages domain:
Screenshot 1: https://imgur.com/ZsYf42l
Screenshot 2: https://imgur.com/JT3ucex
And finally this is the order in which I have the rules:
Do I need to add headers on my frontend requests now that I am using Cloudflare in my API or are the WAF rules misconfigured? Thanks in advance!