Hi all, I’m encountering an issue with Cloudflare Pages related to CORS. We use the same middleware

Hi all, I’m encountering an issue with Cloudflare Pages related to CORS. We use the same middleware to handle CORS across our routes, but some endpoints suddenly started having cross-origin request errors while others work fine. For example:

POST /api/login works without any problems

GET /api/userinfo returns CORS errors

There haven’t been any changes to the code, yet many requests are now failing due to CORS issues. Has anyone else experienced this or can admins help clarify what might be going on? Thanks in advance!

Xxiaolong01 Hi all, I’m encountering an issue with Cloudflare Pages related to CORS. We use ...

Isaac McFadyen•5/19/25, 8:22 PM

?crossposting

SuperHelpflare•5/19/25, 8:22 PM

Please do not post your question in multiple channels/post it multiple times per the rules at #

welcome-and-rules. It creates confusion for people trying to help you and doesn't get your issue or question solved any faster.

IIsaac McFadyen ?crossposting

xiaolong01OP•5/19/25, 8:25 PM

Yeah, I posted in another channel too since I wasn’t sure which one was the right place to ask. Sorry about that — just trying to get to the bottom of this CORS issue on Pages. Won’t spam further!

IIsaac McFadyen ?crossposting

xiaolong01OP•5/19/25, 8:27 PM

Just wondering — is it possible that Cloudflare Pages recently rolled out any changes related to CORS or edge behavior? I didn’t see anything on the status page, but we’re seeing CORS issues on routes that used to work fine without any code changes. Would really appreciate any insights, thanks!

Xxiaolong01 Hi all, I’m encountering an issue with Cloudflare Pages related to CORS. We use ...

Chaika•5/19/25, 8:40 PM

What's the response code/headers? Is it possible it's a waf block or something else?

Xxiaolong01 Just wondering — is it possible that Cloudflare Pages recently rolled out any ch...

Chaika•5/19/25, 8:41 PM

All future updates are going to Workers and Workers Static Assets instead of Pages, Pages is pretty much only in light maintenance mode

CChaika What's the response code/headers? Is it possible it's a waf block or something e...

xiaolong01OP•5/19/25, 8:57 PM

Thanks for the follow-up! I just checked again — for the failing request, the browser console only shows a "CORS error" with no actual status code returned. It seems the request was blocked at the browser level, likely due to missing CORS headers. So I can't see whether it's a 403 or something else from the server.

This behavior is inconsistent across routes, which all go through the same CORS middleware on our side. That’s why I’m wondering if Cloudflare Pages might be treating certain paths differently or applying stricter rules (maybe WAF or edge caching changes?).

Xxiaolong01 Thanks for the follow-up! I just checked again — for the failing request, the br...

Chaika•5/19/25, 8:57 PM

You should be able to see in network utils more info about the request, in all browsers, I think

Chaika•5/19/25, 8:58 PM

but it looks like this isn't a Pages thing but part of a wider new cdn platform rollout, issues with CORS errors being stripped, other community members already escalated

CChaika You should be able to see in network utils more info about the request, in all b...

xiaolong01OP•5/19/25, 9:04 PM

I did a capture using Charles, and I can confirm the OPTIONS request returns 200, but the response body looks like corrupted or binary content (not a valid CORS response). Seems like a CDN-level issue, as you mentioned.

Xxiaolong01 I did a capture using Charles, and I can confirm the OPTIONS request returns 200...

Isaac McFadyen•5/19/25, 9:05 PM

Yup, it's been escalated internally

Isaac McFadyen•5/19/25, 9:05 PM

Thank you for reporting.

IIsaac McFadyen Yup, it's been escalated internally 😄

xiaolong01OP•5/19/25, 9:13 PM

Thanks again for confirming it’s been escalated!

Just wondering — is there any rough ETA on when this issue might be resolved, or at least stabilized? We’re seeing quite a few production requests fail due to this, so trying to plan whether we should wait or implement a temporary workaround with Workers.

Appreciate any insight!

Xxiaolong01 Thanks again for confirming it’s been escalated! 🙏 Just wondering — is there an...

Isaac McFadyen•5/19/25, 9:14 PM

No idea about a time-to-resolution but eyes are on it internally and it's being investigated.

xiaolong01OP•5/19/25, 9:18 PM

If we migrate to Workers, will the same issue occur? Currently, we have a relatively high number of failures. If Workers don’t have this problem, we can migrate part of the workload there first. If the issue still exists on Workers, then we can consider other solutions.

Xxiaolong01 If we migrate to Workers, will the same issue occur? Currently, we have a relati...

Chaika•5/19/25, 9:19 PM

no, it's cdn level so it effects any origin

Chaika•5/19/25, 9:19 PM

it's a wider issue though, like ~30 reports on the forums, shouldn't be too much longer til it's fixed.
You could try using Transform rules add response headers to add the cors headers, not sure if that gets around it, haven't tried

CChaika it's a wider issue though, like ~30 reports on the forums, shouldn't be too much...

xiaolong01OP•5/19/25, 9:23 PM

Okay, thank you for your answer.

Xxiaolong01 Thanks again for confirming it’s been escalated! 🙏 Just wondering — is there an...

Peps•5/19/25, 9:44 PM

https://www.cloudflarestatus.com/incidents/nr3qlpp9xbfd

cc @l422y

A fix has started to roll out so you should be seeing a improvement

CORS Headers Set Incorrectly For Certain Free Zones

epuerta•5/19/25, 9:59 PM

quick question

if i have a nextjs on workers with opennextjs and also a workers entrypoint for agents

do service bindings work on the nextjs side? I've been getting errors where it fails to pick up the service bindings unless Its part of my hono backend where the agents are defined

I merged my frontend and backend in one workers project to avoid having that split and use service bindings like agents on the nextjs side

Tusike•5/19/25, 10:30 PM

Hi!

I'm working an a tutorial app and have been looking for a solution to host probably a maximum of around 1000-2000 video clips and serve them on a website. The videos are usually 10-20s long so can easily fit within ~5-10MB. I've been looking into R2 to avoid egress fees, but had difficulties figuring out how to do it securely so that someone can't just call my worker to request videos millions of times (since even if I add some authentication to the worker to avoid R2 requests, the worker invocation still incurs fees I think).

Then I ran across static assets. Am I missing anything or are these really the perfect solution for my use-case? The limits are 20k files and 25MiB individual size, which are above my requirements. And then the help page says there are never any request limits, so I'm totally safe and this remains free even if I expose the worker to a public URL? How does cloudflare know that my worker is returning a static asset and I shouldn't be charged (e.g. can the worker also do extra logic to determine whether to send the requested video or not)?

TTusike Hi! I'm working an a tutorial app and have been looking for a solution to host ...

Chaika•5/20/25, 1:04 AM

Static assets are meant for websites/html, not video.

I've been looking into R2 to avoid egress fees, but had difficulties figuring out how to do it securely so that someone can't just call my worker to request videos millions of times

If you use an R2 Custom Domain and force cache, you don't pay for any cache hits, so calling the same video a lot = free to you

Tusike•5/20/25, 1:05 AM

I don't see anything preventing me from hosting my entire website with the videos included as assets as a static website though. I tested it out and wrangler dev worked fine.

Original message was deleted

Chaika•5/20/25, 1:06 AM

Not with Cloudflare Pages without adding your own worker running in front of all requests, but you can with Static Assets and html handling: https://developers.cloudflare.com/workers/static-assets/routing/advanced/html-handling/

Cloudflare Docs

HTML handling

How to configure a HTML handling and trailing slashes for the static assets of your Worker.

TTusike I don't see anything preventing me from hosting my entire website with the video...

Chaika•5/20/25, 1:10 AM

It's relatively clearly outlined against the ToS for Pages which does the same thing, and It could be interpted a against the ToS for Static Assets since it's not one of the products listed as usable to serve non-Html Content
https://www.cloudflare.com/service-specific-terms-developer-platform/#developer-platform-terms
* not a lawyer, not legal advice, the team has clarified before though it's very much not chill to use Pages that way, and Static Assets isn't any different in the way it works
R2 is the product intended to be used that way, Static Assets is for websites

Original message was deleted

Chaika•5/20/25, 1:13 AM

Pages Functions are basically a Syntactic sugar layer on top of Workers, where wrangler compiled them into a single file and handled routing for it. You'd just do the same logic inside of a worker directly, and static assets are automatically picked where the path matches the asset (effectively...)

CChaika It's relatively clearly outlined against the ToS for Pages which does the same t...

Tusike•5/20/25, 1:15 AM

So I was missing something.. :/ it sounded too good to be true

I wish the limitation was mentioned on the static assets help page, to me it really feels that a video can be a static asset to a website and then R2 is for more dynamic things e.g. having users upload their videos.

Tusike•5/20/25, 1:16 AM

I'm also not a lawyer so it's not clear to me which part of the terms of service applies

TTusike So I was missing something.. :/ it sounded too good to be true 😅 I wish the li...

Chaika•5/20/25, 1:18 AM

I mean if they're embedded in the website/only viewable through the website, and you're not serving them externally as part of other apps/etc (as a file locker, effectively), then you're more in the gray
Cloudflare uses words like "disproportionate percentage of pictures, audio files, or other large files", and the reality is they're not going to care until/unless your usage becomes enough to care about, but gets iffy
https://blog.cloudflare.com/updated-tos/ outlines some of it
Generally before the pages team and such gave guidance like "if they're big images but part of a portfolio web page (and not being mass downloaded as part of an external tool/cdn/etc), then it's being used for a web page/website/images on your site and fine" but that was before some of these ToS changes as well, eh

Tusike•5/20/25, 1:23 AM

~~I don't know what I'm missing but I can't find that wording in the ToS pages or the other website you linked, the first I read manually and in both I tried CTRL-F~~ nevermind I found the right page
But I understand it might not be the intended use

Tusike•5/20/25, 1:23 AM

R2 still makes me worried of messing something up and waking up to a huge bill, that's why I was excited for these static assets

Tusike•5/20/25, 1:25 AM

Based on the help pages, it even seemed that I can use a worker to serve the files anywhere (the worker can just return a static asset, it doesn't have to be a website even), as a returned result, e.g. not just for a website but also a mobile app

TTusike R2 still makes me worried of messing something up and waking up to a huge bill, ...

Isaac McFadyen•5/20/25, 1:49 AM

There's been many employees here as well as a public blog post clarifying that R2 is perfectly OK to serve large content like videos/images.

IIsaac McFadyen There's been many employees here as well as a public blog post clarifying that R...

Tusike•5/20/25, 2:41 AM

That's reassuring thank you, I guess I'll read more into it, maybe I'm just worried due to not really understanding the details of how it all works. I tried going through cloudflare's support to get clarity on static assets though, I think in the end they just redirected me to another community forum but I hope I'll get an official answer there.

Sgal Cheung•5/20/25, 6:24 AM

Hello, I have some trouble with Works here: https://github.com/withastro/astro/issues/13825

GitHub

<Image> in SSR page response 404 when deploy Cloudflare Works · Is...

Astro Info Astro v5.6.1 Node v18.20.3 System macOS (x64) Package Manager pnpm Output static Adapter @astrojs/cloudflare Integrations astro-icon set-prerender If this issue only occurs in one browse...

Sgal Cheung•5/20/25, 6:25 AM

The image response 404 Not Found!

ZachHandley•5/20/25, 5:17 PM

hey why would I get an error

SessionStorageInitError: Error when initializing session storage with driver `cloudflare-kv-binding`. `The module did not export a driver.`

SessionStorageInitError: Error when initializing session storage with driver `cloudflare-kv-binding`. `The module did not export a driver.`

in pages

ZachHandley•5/20/25, 5:17 PM

I have the session kv value set correctly

Norfeldt•5/20/25, 9:03 PM

Anybody got a working example of astro (started with cloudflare pages template) working with workflows?

I tried to set it up but hitting this strange issue (like some others https://www.answeroverflow.com/m/1301257946075758602) where it thinks my binding is "USER_WORKFLOW""USER_WORKFLOW" and not "MY_WORKFLOW""MY_WORKFLOW" (set in the wrangler.jsonc)

Cloudflare Workflows Binding Error in Astro Project - Cloudflare De...

Getting this error when trying to set up Workflows with Astro + Cloudflare adapter:

Worker "workflows:workflows-starter"'s binding "USER_WORKFLOW" refers to service "core:user:" with a named entrypoint "MyWorkflow", but "core:user:" has no such named entrypoint.

Worker "workflows:workflows-starter"'s binding "USER_WORKFLOW" refers to service "core:user:" with a named entrypoint "MyWorkflow", but "core:user:" has no such named entrypoint.

```ts

#:schema node_modules/wrangler/config-schema.json
name = "workflo...

Cloudflare Workflows Binding Error in Astro Project - Cloudflare De...

Aandifined.dev Hey I‘m trying to access workflows from within my astro project, but always gett...

Norfeldt•5/20/25, 9:09 PM

did you find a solution for it?

lucasp•5/21/25, 1:13 AM

hi im trying to deploy nextjs app on workers with @opennext/cloudflare
wranlger.json

{
  "main": ".open-next/worker.js",
  "name": "frontend",
  "compatibility_date": "2025-03-25",
  "compatibility_flags": [
    "nodejs_compat"
  ],
  "assets": {
    "directory": ".open-next/assets",
    "binding": "ASSETS"
  },
    "vars": {
    "AUTH_SCRET": "hzDTRm",
   ...
  }
}

{
  "main": ".open-next/worker.js",
  "name": "frontend",
  "compatibility_date": "2025-03-25",
  "compatibility_flags": [
    "nodejs_compat"
  ],
  "assets": {
    "directory": ".open-next/assets",
    "binding": "ASSETS"
  },
    "vars": {
    "AUTH_SCRET": "hzDTRm",
   ...
  }
}

i make the deploy When I try to enter the worker URL, the nextjs app throws me 500, and when I look at the logs, it throws me this

 "logs": [
    {
      "message": [
        "ReferenceError: WeakRef is not defined"
      ],
      "level": "error",
      "timestamp": 1747789785073
    },
    {
      "message": [
        " ⨯",
        "ReferenceError: WeakRef is not defined"
      ],
      "level": "error",
      "timestamp": 1747789785073
    }
  ],

 "logs": [
    {
      "message": [
        "ReferenceError: WeakRef is not defined"
      ],
      "level": "error",
      "timestamp": 1747789785073
    },
    {
      "message": [
        " ⨯",
        "ReferenceError: WeakRef is not defined"
      ],
      "level": "error",
      "timestamp": 1747789785073
    }
  ],

Llucasp hi im trying to deploy nextjs app on workers with @opennext/cloudflare wranlger...

James•5/21/25, 1:28 AM

WeakRef is a relatively new api to land in workers. Try setting your compat date to 2025-05-06 or newer to enable it. I’m not sure exactly which part of your app uses it, but if that’s the only issue it might resolve it!

NNorfeldt did you find a solution for it?

andifined.dev•5/21/25, 3:05 AM

No, didn‘t find a Solution yet

typedrat•5/21/25, 7:53 AM

Is there a way to set specific variables/secrets for preview URLs?

alex (he/him)•5/21/25, 8:55 AM

is there any way to point a service binding to a version uploaded with wrangler version uploadwrangler version upload
I want to point my preview frontend to my preview backend, both deployed from the same pr?