Cloudflare caches resources differently depending on the value of their Origin header, a header included in all CORS-dependent requests (i.e. fetch calls). This has two problems:
Detriment to FG: An extra request reaches FG's origin server for every new Origin that requests a file that it hasn't requested before, incurring extra bandwidth costs from our storage service.
Detriment to the FG user: When FG purges a file from Cloudflare's cache, it only purges files without an Origin header, so deleted or changed files don't get updated.
A solution could be to somehow configure Cloudflare not to cache requests with an Origin header at all, and instead let all requests be proxied through FG. Then for every request FG receives, it should request an ID-based endpoint (as opposed to path-based) which is cached unconditionally by Cloudflare, so that all requests are still routed through Cloudflare's cache independently of headers (or any parts of the request such as query parameters or URL format for that matter). FG would then have to not proxy received requests through an additional Cloudflare-routed request if the origin of the request was FG itself (to avoid an infinite loop), but be careful not to allow all requests to the ID-based endpoint to bypass the Cloudflare-routed proxy, because then it would fall to this issue's same problems whenever it's requested with an Origin header set.
Cloudflare caches resources differently depending on the value of their
Origin
header, a header included in all CORS-dependent requests (i.e.fetch
calls). This has two problems:Origin
that requests a file that it hasn't requested before, incurring extra bandwidth costs from our storage service.Origin
header, so deleted or changed files don't get updated.A solution could be to somehow configure Cloudflare not to cache requests with an
Origin
header at all, and instead let all requests be proxied through FG. Then for every request FG receives, it should request an ID-based endpoint (as opposed to path-based) which is cached unconditionally by Cloudflare, so that all requests are still routed through Cloudflare's cache independently of headers (or any parts of the request such as query parameters or URL format for that matter). FG would then have to not proxy received requests through an additional Cloudflare-routed request if the origin of the request was FG itself (to avoid an infinite loop), but be careful not to allow all requests to the ID-based endpoint to bypass the Cloudflare-routed proxy, because then it would fall to this issue's same problems whenever it's requested with anOrigin
header set.