I get an error saying “No ‘Access-Control-Allow-Origin’ header is present on the requested resource”
How can I make sure my origin server is not exposed to internet at all?
Can I customize my domain by adding a logo from an http url?
Can I use access to secure applications with second level subdomain URL?
Yes. Make sure your SSL certificates cover the first and second level subdomain. Most certificates only cover the first level subdomain and not the second. This is true for most of the Cloudflare certs. To cover the second level with a CF cert you would select the “Custom Host names” options for Dedicated SSL.
What is the order of policy enforcement?
Access will evaluate all
deny policies first and then evaluate the
allow policy. For example you have a policy to allow access to [email protected] but you also have a policy deny access to a group called contractors. If John is part of the contractors group, he would be denied access.
How can I remove Access from my site?
You can remove Cloudflare Access from your site by deleting all policies you have created for your application. To delete a policy, click on the ‘X’ button for that specific policy.