Blog

NuxtHub and Cloudflare: edge CORS, D1 and KV bindings, and server routes that proxy to private origins

Hub routes run on Workers—public CORS must mirror what your SPA origin expects while secrets stay server-side.

Published: 2027-11-08Updated: 2027-11-101 min read

nuxtcloudflarecors

Preview deployments

Each preview URL may need its own Allow-Origin entry—automate with Hub environment variables.

D1 migrations during preview should not affect production CORS policies.

Edge request logs may omit Origin for malformed clients—correlate with RUM for user-facing CORS errors.

Cold starts on infrequent routes can delay OPTIONS—set client timeouts above p99 preflight latency.