CORS header ‘Access-Control-Allow-Origin’ missing error for new Cloudfare domain
My frontend, registered to the playlistmoodevaluator.com domain on Cloudflare, routes to a React CRA-based app hosted on Render.
My backend, registered to the api.playlistmoodevaluator.com subdomain on Cloudflare, routes to a FastAPI python backend hosted on Fly.io.
The first request to my backend fails with Reason: CORS header ‘Access-Control-Allow-Origin’ missing, despite the fact that my FastAPI backend is configured with a CORS Middleware to accept requests from that frontend domain.
I ensured that my backend is configured to accept requests from my frontend, like so:
origins = [
"https://playlistmoodevaluator.com",
"https://www.playlistmoodevaluator.com",
]
app.add_middleware(
CORSMiddleware,
allow_origins=origins,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
Here is a screenshot of the error:
As you can see in the screenshot attached below, this exact origin (https://playlistmoodevaluator.com), is expected by my backend’s Middleware and should be accepted. This process was working until I registered my domain with Cloudflare and started routing my traffic through my new domain.
I registered my Cloudfare domain in "Full" SSL mode, meaning that all domains/subdomains must use SSL/TSL (this is recommended).
I easily issued an SSL cert for my frontend (deployed on Render) that was registered to my main domain, but my backend (hosted on Fly.io) did not have an SSL cert issued for my subdomain. Thus my subdomain was routing to a non HTTPS-server, and the Cloudfare DNS was rejecting the traffic since the "Full" configuration requires HTTPS.
After going to Fly.io and issuing an SSL cert for my subdomain, my app worked as expected!!
tldr; if you use "Full" SSL mode for your DNS, both frontend and backend must have SSL certs issued for their respective domains!
- Unable to Connect to Azure PostgreSQL Database via Point-to-Site VPN with Azure Active Directory on macOS
- Why does dnsjava requires slf4j and logback?
- Nginx redirect http://www and naked http/https to https://www
- How can I update a non-windows DNS server A records from DHCP on a synology NAS
- How to query for deleted DNS A record in Azure
- Reset DNS Cache on Mac
- Unable to GET nginx welcome page from Hetzner Ubuntu 24.04. LTS server with custom domain and docker
- AWS domain setup in multiple organizations - handle prod environment separated from root
- Docker-compose container using host DNS server
- How to validade a AWS Certificate with Hostinger domain?
- CORS header ‘Access-Control-Allow-Origin’ missing error for new Cloudfare domain
- Using one Laravel app from different domains - building urls issue
- Can I use the subdomain in an address as a web service when the domain name itself contains a subdomain?
- Ubuntu Server as WLAN Router using NetworkManage and Netplan - How to get Router to DNS resolve its own hostname?
- Amazon S3: Static Web Sites: Custom Domain or Subdomain
- What does QD stand for in DNS RFC1035
- How to show IP of domain name in grafana?
- Do I need to move all my DNS records to Route 53 when I point Godaddy to their nameservers?
- AWS Route 53: cost of having a subdomain on another DNS provider than AWS
- ansible.posix.mount fails to resolve DNS when using variables
- Can I resolve a domain without a port?
- How should I temporarily redirect a website to a different domain?
- redirect to mirror website automatically?
- How can I create a Route 53 Record to an ALB? (AWS)
- Not able to verify squarespace domain for non-www-prefixed url in firebase
- The language is set from different domains with Polylang
- Reverse ip, find domain names on ip address
- Firebase Hosting Custom Domain - site not "Go Live" after update DNS records by "CNAME records" method
- Bicep adding DNS Records saying already exists when it doesn't
- Where is the PowerDNS (pdns) service log file?