`/cdn-cgi/trace` endpoint no longer return CORS headers for some domains hosted on Cloudflare
This can be reproduced/validated through
Here are some example domains that has its "/cdn-cgi/trace" endpoint returnning the
- www.cloudflare.com
- cloudflarestream.com
- cloudflaremirrors.com
- pages.dev
- www.npmjs.com
- cf.bing.com
- registry.npmjs.org
- medium.com
- www.loc.gov
- nodejs.org
- chat.openai.com
- www.chess.com
- and many more...
Here are a few example domains that no longer returns the
- esm.run
- images.weserv.nl
- wsrv.nl
- use.fontawesome.com
- tailwindcss.com
- I actually have found more...
Is this an intentional change to the Cloudflare internal? If so, will it be deployed more and more domains in the future?
Or is it configurable with dashboard/API? If so, is it possible for site owners to toggle this?
Will
curl https://[domain]/cdn-cgi/trace -IHere are some example domains that has its "/cdn-cgi/trace" endpoint returnning the
access-control-allow-origin: *- www.cloudflare.com
- cloudflarestream.com
- cloudflaremirrors.com
- pages.dev
- www.npmjs.com
- cf.bing.com
- registry.npmjs.org
- medium.com
- www.loc.gov
- nodejs.org
- chat.openai.com
- www.chess.com
- and many more...
Here are a few example domains that no longer returns the
access-control-allow-origin: *- esm.run
- images.weserv.nl
- wsrv.nl
- use.fontawesome.com
- tailwindcss.com
- I actually have found more...
Is this an intentional change to the Cloudflare internal? If so, will it be deployed more and more domains in the future?
Or is it configurable with dashboard/API? If so, is it possible for site owners to toggle this?
Will
cdn-cgi/trace
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Similar Threads
Was this page helpful?
