CD
Cloudflare Developers16mo ago
Quei

CORS issue ?

Hi All i think i have a cors issue, but I am not 100% sure because i get a generic error back. ok my setup is as follows: - i have a cloud flare tunnel - inside of the tunnel runs a small angular application - application and public hostname were set so i can reach my application and it works as expected in general. i have implemented in this application an API call towards cloudflare: https://api.cloudflare.com/client/v4/zones/*zone code/access/groups/group key* i tested the payload and url with curl, and i had no issues. So the first thing which was thrown by the browser was a CORS error. Then i adapted the application (see printscreen). i enabled CORS and set the application domain (www.example.com) in Access-Control-Allow-Origin and allow for testing the two other options. so the error in the browser was gone and i get a new more general error: 
{
    "headers": {
        "normalizedNames": {},
        "lazyUpdate": null,
        "headers": {}
    },
    "status": 0,
    "statusText": "Unknown Error",
    "url": "https://api.cloudflare.com/client/v4/zones/*zone code*/access/groups/*group key*",
    "ok": false,
    "name": "HttpErrorResponse",
    "message": "Http failure response for https://api.cloudflare.com/client/v4/zones/*zone code*/access/groups/*group key*: 0 Unknown Error",
    "error": {
        "isTrusted": true
    }
}
{
    "headers": {
        "normalizedNames": {},
        "lazyUpdate": null,
        "headers": {}
    },
    "status": 0,
    "statusText": "Unknown Error",
    "url": "https://api.cloudflare.com/client/v4/zones/*zone code*/access/groups/*group key*",
    "ok": false,
    "name": "HttpErrorResponse",
    "message": "Http failure response for https://api.cloudflare.com/client/v4/zones/*zone code*/access/groups/*group key*: 0 Unknown Error",
    "error": {
        "isTrusted": true
    }
}
for me it looks like the cloudflare api will block it.
5 Replies
crossbeau
crossbeau16mo ago
Do you have the policy set as a service_auth instead of allow, and are you using a service token to authenticate
crossbeau
crossbeau16mo ago
https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/cors/
CORS · Cloudflare Zero Trust docs
Cross-Origin Resource Sharing ( CORS ) is a mechanism that uses HTTP headers to grant a web application running on one origin permission to reach …
Quei
QueiOP16mo ago
two times a no... i have added now an additional policy to enable service_auth and generated a service token. implemented both in the header: 
const headers = new HttpHeaders({
      'Content-Type': 'application/json',
      'CF-Access-Client-Id': `${environment.CfHeaderAndClientId}`,
      'CF-Access-Client-Secret': `${environment.CfAccessClientSecret}`,
      'X-Auth-Email': `${environment.CfEmail}`,
      'X-Auth-Key': `${environment.CfGlobalApiKey}`,
    });
const headers = new HttpHeaders({
      'Content-Type': 'application/json',
      'CF-Access-Client-Id': `${environment.CfHeaderAndClientId}`,
      'CF-Access-Client-Secret': `${environment.CfAccessClientSecret}`,
      'X-Auth-Email': `${environment.CfEmail}`,
      'X-Auth-Key': `${environment.CfGlobalApiKey}`,
    });
still blocked... 
... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
crossbeau
crossbeau16mo ago
Any chance your backend app is blocking it ? Or wherever you are hosting your backend?
Quei
QueiOP16mo ago
no i dont think so, i run also other api requests for other sites and this works fine Ok, I solved it... it's the general configuration of the Cloudflare API, which I was unaware of. I now build a worker and make it with the worker as a "gateway".
Want results from more Discord servers?
Add your server