Cloudflare managed challenge for all subdomains

We have a frontend application running on Cloudflare Pages (ourapplication.com) and then backend services running in Google Cloud, proxied also via Cloudflare (backend.ourapplication.com).

We have set up a managed challenge for certain regions and it happens that the managed challenge is not invoked via the main application, but it is then invoked via API call to the backend service, which results in 403 errors.

Is there a way to handle these or enforce the managed challenge on the main application?

Solution

The key was to avoid managed challenge for OPTIONS requests, described here:

https://developers.cloudflare.com/waf/reference/cloudflare-challenges/#cross-origin-resource-sharing-cors-preflight-requests

Why does having a www CNAME in Cloudflare does not work and return Error 523
How to bypass Cloudflare bot protection in selenium
ngrok, allow anonymous access for specific routes
Python script for launching Chrome browser
Getting kex_exchange_identification: Connection closed by remote host from Github Action
Cloudflare --force build for React
S3 hosted website with Cloudflare returns 404 status code for any route
Does Cloudflare support stale-while-revalidate?
How to get Angular app working with Cloudflare Workers - Workers Sites
Is there a way to import .html file from JavaScript?
Can we set Cloudflare R2 cache-control max-age?
SvelteKit Stripe webhook handler not completing async operation - How to ensure execution? (Issue caused by Cloudflare)
How to click on "Verify you are human" checkbox challenge by cloudflare using Selenium
Extract ip and uag from Cloudflare cdn-cgi/trace text result using regex in JS
Run Cloudflare Workers while maintaining cached HTML delivery
How do I fix "MiniflareCoreError [ERR_RUNTIME_FAILURE]: The Workers runtime failed to start" error in CloudFlare Wrangler?
How do I upload an image to Cloudflare Images from Node.js?
How to ensure that a request is really proxied by CloudFlare?
Cloudflare Python Worker Code for Executing Python code
Python Scraper Unable to scrape img src
Issue with Websockets (WSS) server implemented in Python
Github/Cloudflare Website With A PhaserJS Web Game Not Updating Online
A GitHub Page website when having a custom domain redirects too many time. How to identify the bug?
A message "The change you wanted was rejected" was generated during the registration process - Ruby on Rails, Heroku, Cloudflare
JS Syntax Error after deploying to CloudFlare
Rewrite URL via htaccess when request header has a specific value
Changing ng-turnstile Width or Height
HTTP 103 Early Hints: How to diagnose if they are correctly set by Cloudflare and respected by Chrome?
Cloudflare managed challenge for all subdomains
"Access denied | <url> used Cloudflare to restrict access" GET request Postman