cloudflare_load_balancer_pool: origins header silently ignored

[MouradFeddani]

Confirmation

• This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
• I have searched the issue tracker and my issue isn't already found.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

1.14.8

Affected resource(s)

cloudflare_load_balancer_pool

Terraform configuration files

resource "cloudflare_load_balancer_pool" "example" {
  account_id = "your-account-id"
  name       = "example-pool"

  origins = [{
    name    = "origin-1"
    address = "backend.example.com"
    enabled = true
    weight  = 1
    header  = {
      "Host" = ["app.example.com"]
    }
  }]
}


This configuration applies cleanly with no error. However, the Host header override is silently dropped — the origin ends up with no header override.

The correct v5 format is:

resource "cloudflare_load_balancer_pool" "example" {
  account_id = "your-account-id"
  name       = "example-pool"

  origins = [{
    name    = "origin-1"
    address = "backend.example.com"
    enabled = true
    weight  = 1
    header  = {
      host = ["app.example.com"]
    }
  }]
}

Link to debug output

https://gist.github.com/MouradFeddani/e4405e34de7135ea307924b8b57640c5

Panic output

No response

Expected output

The origins header attribute in v5 is a typed object (not a generic map), meaning it has a defined schema with known attributes (e.g. host). By definition, a typed object should reject unknown keys at validation time.

When using "Host" = ["app.example.com"] (capitalized key, not matching any defined attribute), the provider should raise a validation error at plan time indicating that Host is not a valid attribute of the header object.

It should not silently accept an unknown key and drop the value to null. The whole point of using a typed object over a generic map is to enforce key validation, which is not happening here.

Actual output

The provider accepts the configuration without any error or warning. The plan shows the host header being set to null, silently removing the existing override:

~ header = {
    - host = [
        - "static-prod.domain-example.io",
      ] -> null
  }

After apply, the origin has no Host header override. No error, no warning, the value is silently dropped.

Steps to reproduce

1. Create a cloudflare_load_balancer_pool resource with an origin using "Host" (capitalized) as header key:

resource "cloudflare_load_balancer_pool" "example" {
  account_id = "your-account-id"
  name       = "example-pool"

  origins = [{
    name    = "origin-1"
    address = "backend.example.com"
    enabled = true
    weight  = 1
    header  = {
      "Host" = ["app.example.com"]
    }
  }]
}

2. Run terraform plan : no error, no warning
3. Observe in the plan output that header.host is set to null instead of the provided value
4. Run terraform apply : applies cleanly
5. Verify in the Cloudflare dashboard that the origin has no Host header override

Additional factoids

No response

References

#4828 : Related but different: explicit error on v5.0.0-alpha1 for origin header override. Our issue is about silent drop on stable v5 with no error.
#957 : Missing header in load_balancer_pool (older issue, v4 era)

[KaydeeDee]

Thank you for submitting an issue! This issue has been flagged for an internal Cloudflare team to take a look. If this is urgently blocking your development or deployment, please open a support case so we can serve you faster.