I have the following websites:
- www.x.tld
- api.x.tld
When making requests from www.x.tld to api.x.tld, they get blocked.
Both subdomains are protected by zero trust and both subdomains have the exact same rules.
I can connect to both www.x.tld and api.x.tld when accessing them directly; the problem is that requests between them get blocked.
Because it is a different subdomain, there is no cookie attached to the request.
How am I supposed to allow these requests to go through? Add cookies to the request manually? Add some kind of header?
I’ve tried to contact support, but it’s been 2 weeks and the only answer they gave me was to remove all policies…
You are going to want to look at service tokens.
I cannot use service tokens for this.
The request is made from the user’s browser, from www.x.tld to api.x.tld. I don’t think I should expose a service token to my users so they can make requests.
Came here looking for the same answer, so far I’m here:
- I have two subdomains app.domain.tld and api.domain.tld
- I cannot use wildcards for my access policy because other subdomains shouldn’t be behind access and Cloudflare strips out wildcards that do partial matching.
- I therefore have two policies
- When a request from app.domain.tld is made to api.domain.tld - that request hits a 301 and returns the access paywall rather than returning a valid response from the api.
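The browser-side rules behind the behaviour described in this thread, as an added example that is not part of any post above: it models the Fetch standard's credentials modes and the CORS headers a credentialed cross-origin response needs. The function names are hypothetical, the hostnames are the thread's placeholders, and the header values are constructed.

```javascript
// Added example: Fetch-standard rules behind the blocked cross-subdomain call.
// Hostnames are the thread's placeholders; header values are constructed.

// Case-insensitive lookup in a plain object of response headers.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : headers[key];
}

// Will the browser send the cookies it holds for the target host?
// fetch() defaults to credentials: "same-origin", so a call from
// www.x.tld to api.x.tld goes out without any cookie.
function sendsCookies(pageOrigin, requestUrl, credentials = "same-origin") {
  if (credentials === "omit") return false;
  if (credentials === "include") return true;
  return new URL(requestUrl).origin === new URL(pageOrigin).origin;
}

// Can page script read the response to a credentialed cross-origin request?
// The response must name the exact calling origin ("*" is rejected) and
// carry Access-Control-Allow-Credentials: true.
function credentialedResponseReadable(pageOrigin, headers) {
  return (
    header(headers, "access-control-allow-origin") === new URL(pageOrigin).origin &&
    header(headers, "access-control-allow-credentials") === "true"
  );
}

// List the reasons the browser would fail a cross-origin call.
function diagnose(pageOrigin, requestUrl, credentials, responseHeaders) {
  const problems = [];
  // Same-origin requests need neither "include" nor CORS headers.
  if (new URL(requestUrl).origin === new URL(pageOrigin).origin) return problems;
  if (!sendsCookies(pageOrigin, requestUrl, credentials)) {
    problems.push("cookies not sent: cross-origin fetch needs credentials: 'include'");
  }
  if (!credentialedResponseReadable(pageOrigin, responseHeaders)) {
    problems.push("response lacks exact-origin CORS headers for credentials");
  }
  return problems;
}
```

CORS preflight (OPTIONS) requests are always sent without cookies, so a gateway that requires a session cookie on every request rejects them even when the real request would carry one.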