CORS Blocking Shopify App Proxy Requests

Hi,

I have a Remix app, handling wishlist functionality.
The API works in Postman, returning Access-Control-Allow-Origin: *.
However, in the browser, requests get blocked by CORS, with the error:
“No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

The API is accessed via Cloudflare and a Shopify app proxy (/apps/wishlist-guest).
What I’ve Tried:
:heavy_check_mark: Ensuring OPTIONS requests return proper CORS headers in Remix.
:heavy_check_mark: Testing without the app proxy (direct API calls work).
:heavy_check_mark: Adding “Access-Control-Allow-Origin”: “*” and other CORS headers.

Questions:
1️. Does Shopify’s app proxy strip CORS headers?
2️. Could Cloudflare be interfering with headers for browser requests?
3️. Any recommended fixes to allow browser requests to pass?

Would appreciate any insights from the team.

Thanks