thefourcraft
thefourcraft
PostsComments
CDCloudflare Developers
Created by thefourcraft on 4/12/2024 in #general-help
Bocked by CORS policy
I have increased errors on my WordPress sites when using access 
Access to fetch at 'https://exmple.cloudflareaccess.com/cdn-cgi/access/login/' (redirected from 'https://example.com/') from origin 'https://example.com/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Access to fetch at 'https://exmple.cloudflareaccess.com/cdn-cgi/access/login/' (redirected from 'https://example.com/') from origin 'https://example.com/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I am not sure why this started to happening, but this issue prevents critical functions form working
2 replies
CDCloudflare Developers
Created by thefourcraft on 3/3/2024 in #general-help
Access-Control-Allow-Origin security issue
I wanted to test my WordPress website for security issues. I use ZeroTrust to block access to /wp-admin and the login URL 
GET /wp-admin/ HTTP/2
Host: my-cool-domain.com
Accept-Encoding: gzip, deflate, br
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Cache-Control: max-age=0
Origin: https://thefourcraft.com
GET /wp-admin/ HTTP/2
Host: my-cool-domain.com
Accept-Encoding: gzip, deflate, br
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Cache-Control: max-age=0
Origin: https://thefourcraft.com
I get this response 
HTTP/2 302 Found
Date: Sun, 03 Mar 2024 07:58:36 GMT
Location: https://team.cloudflareaccess.com/cdn-cgi/access/login/my-cool-domain.com?kid=4bff6428ede91c76df49978fb7b21797d30541c17b8c60c147ea0b3381a33706&redirect_url=%2Fwp-admin%2F&meta=eyJraWQiOiIyYjZhODFmZmVjMzIxNzlkODI0NWVkMWIyMGEwZmRiOGQ5NWVmYTkxYTJiYzgzYzYzYjExMWM0YzkwZjA2NzBlIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.eyJzZXJ2aWNlX3Rva2VuX3N0YXR1cyI6ZmFsc2UsImlhdCI6MTcwOTQ1MjcxNiwic2VydmljZV90b2tlbl9pZCI6IiIsImF1ZCI6IjRiZmY2NDI4ZWRlOTFjNzZkZjQ5OTc4ZmI3YjIxNzk3ZDMwNTQxYzE3YjhjNjBjMTQ3ZWEwYjMzODFhMzM3MDYiLCJob3N0bmFtZSI6InRlZ3JpYWkuY29tIiwiYXBwX3Nlc3Npb25faGFzaCI6ImY2OTM0NDM5MzBkMDk2NGUwY2U1ZWFkYTEzMWFkYWFmNDZlOWE3ZTMyMzUyYzg5MGEyNThkNWI0ODVjY2UxMzYiLCJuYmYiOjE3MDk0NTI3MTYsImlzX3dhcnAiOmZhbHNlLCJpc19nYXRld2F5IjpmYWxzZSwidHlwZSI6Im1ldGEiLCJyZWRpcmVjdF91cmwiOiJcL3dwLWFkbWluXC8iLCJtdGxzX2F1dGgiOnsiY2VydF9pc3N1ZXJfc2tpIjoiIiwiY2VydF9wcmVzZW50ZWQiOmZhbHNlLCJjZXJ0X3NlcmlhbCI6IiIsImNlcnRfaXNzdWVyX2RuIjoiIiwiYXV0aF9zdGF0dXMiOiJOT05FIn0sImF1dGhfc3RhdHVzIjoiTk9ORSJ9.fwG5z8PGtEzu5vefY9m5RM0v8Y2A7Gf84CLSlsQkFGGDh6CsPm7CNlzQG3FH1xxZRQLMOR4hDtoNKDo6AUNe_Rol7ESwnaU0nmn-nx1ehNmeKkUi9dNy1Eop_0mpKdKAlllWYQkH3TCZoWfiZ4sLRARQQxIWylhmJh0Mb2Nf8bG9umatth7kLCz4cQM5Cfg0WiGBNxW0ALLOUXwZcJ5sjKQa9u8pXRbnJSslzrseg3z9-jd41JT_dsoQaSHsjogjUDEJK50VLJotZouxMRdiB83RjKhdvEwZXbDfT65YAUKcvpeyUxZpYa9HSrJuIq1hcpMrm5s35ewGfpZSt_eTFQ
Set-Cookie: CF_AppSession=n4f9957c5a2b4fd05; Expires=Mon, 04 Mar 2024 07:58:36 GMT; Path=/; Secure; HttpOnly
Access-Control-Allow-Origin: https://thefourcraft.com
Access-Control-Allow-Credentials: true
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Lg4%2FMTvK%2F0H4dwuBWGQ8fYcTAIV9t0jDz04E0dcJ7MnDXFM3xeteTXv%2BnnrhDe%2BVeelvw2VKndsh3tTfITpg2%2B08S2vEy5IbgdDz8yDdFnBknYVxLoSaTNRMKuDHw%3D%3D"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Cf-Ray: 85e81518290094dd-HFA
Alt-Svc: h3=":443"; ma=86400
HTTP/2 302 Found
Date: Sun, 03 Mar 2024 07:58:36 GMT
Location: https://team.cloudflareaccess.com/cdn-cgi/access/login/my-cool-domain.com?kid=4bff6428ede91c76df49978fb7b21797d30541c17b8c60c147ea0b3381a33706&redirect_url=%2Fwp-admin%2F&meta=eyJraWQiOiIyYjZhODFmZmVjMzIxNzlkODI0NWVkMWIyMGEwZmRiOGQ5NWVmYTkxYTJiYzgzYzYzYjExMWM0YzkwZjA2NzBlIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.eyJzZXJ2aWNlX3Rva2VuX3N0YXR1cyI6ZmFsc2UsImlhdCI6MTcwOTQ1MjcxNiwic2VydmljZV90b2tlbl9pZCI6IiIsImF1ZCI6IjRiZmY2NDI4ZWRlOTFjNzZkZjQ5OTc4ZmI3YjIxNzk3ZDMwNTQxYzE3YjhjNjBjMTQ3ZWEwYjMzODFhMzM3MDYiLCJob3N0bmFtZSI6InRlZ3JpYWkuY29tIiwiYXBwX3Nlc3Npb25faGFzaCI6ImY2OTM0NDM5MzBkMDk2NGUwY2U1ZWFkYTEzMWFkYWFmNDZlOWE3ZTMyMzUyYzg5MGEyNThkNWI0ODVjY2UxMzYiLCJuYmYiOjE3MDk0NTI3MTYsImlzX3dhcnAiOmZhbHNlLCJpc19nYXRld2F5IjpmYWxzZSwidHlwZSI6Im1ldGEiLCJyZWRpcmVjdF91cmwiOiJcL3dwLWFkbWluXC8iLCJtdGxzX2F1dGgiOnsiY2VydF9pc3N1ZXJfc2tpIjoiIiwiY2VydF9wcmVzZW50ZWQiOmZhbHNlLCJjZXJ0X3NlcmlhbCI6IiIsImNlcnRfaXNzdWVyX2RuIjoiIiwiYXV0aF9zdGF0dXMiOiJOT05FIn0sImF1dGhfc3RhdHVzIjoiTk9ORSJ9.fwG5z8PGtEzu5vefY9m5RM0v8Y2A7Gf84CLSlsQkFGGDh6CsPm7CNlzQG3FH1xxZRQLMOR4hDtoNKDo6AUNe_Rol7ESwnaU0nmn-nx1ehNmeKkUi9dNy1Eop_0mpKdKAlllWYQkH3TCZoWfiZ4sLRARQQxIWylhmJh0Mb2Nf8bG9umatth7kLCz4cQM5Cfg0WiGBNxW0ALLOUXwZcJ5sjKQa9u8pXRbnJSslzrseg3z9-jd41JT_dsoQaSHsjogjUDEJK50VLJotZouxMRdiB83RjKhdvEwZXbDfT65YAUKcvpeyUxZpYa9HSrJuIq1hcpMrm5s35ewGfpZSt_eTFQ
Set-Cookie: CF_AppSession=n4f9957c5a2b4fd05; Expires=Mon, 04 Mar 2024 07:58:36 GMT; Path=/; Secure; HttpOnly
Access-Control-Allow-Origin: https://thefourcraft.com
Access-Control-Allow-Credentials: true
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Lg4%2FMTvK%2F0H4dwuBWGQ8fYcTAIV9t0jDz04E0dcJ7MnDXFM3xeteTXv%2BnnrhDe%2BVeelvw2VKndsh3tTfITpg2%2B08S2vEy5IbgdDz8yDdFnBknYVxLoSaTNRMKuDHw%3D%3D"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Cf-Ray: 85e81518290094dd-HFA
Alt-Svc: h3=":443"; ma=86400
As you can see, I was able to change the response to 
Access-Control-Allow-Origin: https://thefourcraft.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thefourcraft.com
Access-Control-Allow-Credentials: true
I think this might be a configuration issue with my Zero Trust, but I'm not sure.
2 replies
CDCloudflare Developers
Created by thefourcraft on 9/25/2023 in #general-help
A TCP Issue with ZeroTurst
No description
5 replies
CDCloudflare Developers
Created by thefourcraft on 9/17/2023 in #general-help
Cloudflared Tunnel HTTP headers
How can I Pass headers in a cloudflared tunnel, I mean server-side headers that need to be passed to the end user? I wasn't able to find any info about this, while I can use transform rules I can't find any docs on about how can I pass a dynamic header
15 replies
CDCloudflare Developers
Created by thefourcraft on 1/27/2023 in #pages-help
Pages Error 522 On IDN's
3 replies
CDCloudflare Developers
Created by thefourcraft on 1/17/2023 in #pages-help
HTTP Error: 403 when submitting a sitemap to the google search console using a pages
I am experiencing an HTTP Error 403 when attempting to submit a sitemap to the Google Search Console for my website on Cloudflare Pages. Upon submission, Google returns a 403 error. it only seems to happen if u use pages, when using GitHub or Nginx it seems that the problem doesn't come up Any ideas on how to fix this?
5 replies