401 Unauthorized happens only on my custom domain, works fine with tunnel domain
I’m running my app through Cloudflare Tunnel.
When I use the temporary tunnel domain provided by Cloudflare (like *.trycloudflare.com), everything works fine — the API calls return 200 OK.
But when I use my own custom domain with the same tunnel setup, the exact same requests fail and return 401 Unauthorized.
The server still receives the requests and I can see the headers in the logs, but validation fails only when going through the custom domain.
It looks like something in Cloudflare’s edge (WAF, cache, or security filters) is interfering with requests for the custom domain.
Could you please help me understand why the behavior is different between the temporary tunnel domain and my custom domain (both using Tunnel)?
0 Replies