Cloudflare cookie blocked by cross site trackers
I have a wordpress site behind CF access + and R2 bucket serving images and media also behind CF access, each on separate subdomains.
When I first load the site the images don't load, because the image url is being redirected to auth with cloudflare access, it is not sharing the auth cookie I believe because it is on a different subdomain.
If i load the image url in a separate tab, the image loads and I believe stores the cookie for that domain(Same CF_Authorization cookie as wordpress subdomain), then the images load on the main wordpress site no problem(I'm assuming because it has the cookie stored under both subdomains now)
Is there a way around this without asking users to disable cross site tracking in safari and brave(shields)?
I have tried adding CORS allow rules for the R2 bucket to no avail.
3 Replies