I am having this error when submitting file:

Access to XMLHttpRequest at 'https://dd-demo.abc.com:8443/api/token' from origin 'https://dd-demo.abc.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How do i resolve this using Cloudflare?

Some article showing old Cloudflare interface and it doesn't quite work when using

PageRules 

with

Disable Security setting.

If possible I don't want to disturb the backend server setting.

You can configure CORS settings (and any other headers) in the Rules -> Transform Rules section. Here you need to go to the "Modify Response Header" tab and create a rule.

It should looks something like this (I didn't test that rule):

This is only example, and for production use you need to have https://dd-demo.abc.com as a value for Access-Control-Allow-Origin

You need to use the Rules feature in order to set the Access Control Allow Origin (CORS).

Here is how to proceed:

• Select your website in Cloudflare dashboard.
• From the menu on the left choose Rules > Transform Rules.
• In the middle of Transform Rules page, there is tab. Select Modify Response Header.
• Click on Create Rule.
• In the form fill in the values as follow:
  • Rule name: set a name you prefer.
  • If... : Choose Custom filter expression
  • Field: Select Hostname
  • Operator: Select Equals
  • Value: Add the name of the hostname (it would be dd-demo.abc.com in your example.
  • Then...: Select Set static. New form fields will appear.
  • Header name: enter access-control-allow-origin
  • Value: enter *

Then deploy the rule. You need to flush the caches afterwards for this header applies.

I tested this rule and it worked fine for my CDN.

P.S. you also can white-list the referrer website instead of wildcard the allowed list. In that case you can enter the list of the domains separated with comma (,) instead of *.

P.S. Thanks to @nmishin and this link on Cloudflare community.