Edit 2022/1/18: Not sure if it is the new version 0.3.0, or if a cloudflare setting was changed, but all is well now.
When using the single PHP www.files.gallery app, CORS policy in the browser is blocking requests to https://auth.photo.gallery, either due to a missing 'Access-Control-Allow-Origin' header, or auth.photo.gallery returning a 404.
The error message from the console:
Access to XMLHttpRequest at 'https://auth.photo.gallery/' from origin 'https://<url>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm not sure if this is an issue with cloudflare, or auth.photo.gallery, as the return is a 404. Cloudflare does appear to be returning some headers, but not complete.
Here is output from curl over ipv4.
Here is output from curl over ipv6.