XMLHttpRequests fail in chrome when behind CF proxy

I’m struggling to figure out why I am unable to make XMLHttpRequests to a domain when I click the Cloud icon in the DNS settings to put the domain behind the Cloudflare proxy. The strange thing is I can only replicate the issue in Google Chrome - FireFox works fine.
If I disable the CF proxy, then Google Chrome is then able to load the website.

When viewing in chrome…
From the server’s logs, I can see that only the OPTIONS requests are hitting the server. The GET requests are then failing with the three different errors in chrome (listed in order of presentation):

  • ERR_FAILED (x10)
  • ERR_CONNECTION_CLOSED (all remaining requests)

Viewing the page being requested via the XMLHttpRequest shows the page fine in Chrome.

Running CURL to dump the headers, I get the following response while the domain is operating behind the CF proxy:

curl --dump-header - -o /dev/null https://my-domain-behind-cf.com/path-to-api-endpoint -H "Origin: https://my-test-domain.test" -H "X-Requested-With: XMLHttpRequest"

date: Tue, 05 Sep 2023 10:37:37 GMT
content-type: application/json
vary: Accept-Encoding
vary: Origin
cache-control: no-cache, private
access-control-allow-origin: https://my-test-domain.test
access-control-allow-credentials: true
set-cookie: <redacted> httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-phil-test: hello world
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ta%2Fb6opEOvN%2BuChXALjOHELLXf%2B7zoV3cSGfhgYryqE%2F2ea0TOrR5xo3jdFgrvx6mlveccCQu2V0YGYHoYPbD8z30G8Z6AyHTHx3mQwml0ku4DWsEyC858Q9z89H%2FoBRxVesGEDVLLD%2FKZ4EGJcE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 801dd68478602dd9-MAN

Caching is not enabled in Cloudflare for the domain being requested however this is the end goal.

Thank you in advance

Google chrome also does not show anything network / CORS related in the Issues section. Only some stuff about labels and input elements

In the end we found the issue was not down to Cloudflare specifically, but down to how HTTP/2 works. There seems to be undocumented limits in Webkit browsers that limit the number of simultanious AJAX requests that can take place to a single host. We found the limit to be around the 100 mark but this could differ so don’t take this number as the true value.