How can I (simply) enable CORS on my Azure webrole API

Question

I have an Azure webrole which is running an API service. I'm trying to enable CORS so that the API can be consumed by browser scripts. There are a quite a few questions that refer to enabling CORS on web-api applications but I haven't found one that gives an answer for webroles.

I've tried adding the magic customheaders block from this answer to my web.config but that doesn't work.

This document from Microsoft implies that the Microsoft.AspNet.Cors nuget package may be used but it's unclear to me how to get hold of the HttpConfiguration from within a webrole OnStart method. It also seems odd that I have to decorate every one of my API methods. Is there not a single 'switch' I can flick to enable CORS for the entire service?

Related questions...

What's the easiest way to verify that CORS is actually enabled? At the moment I'm using a Blazor PostJsonAsync call and relying on that to pass but it's getting pretty tedious repeatedly reconfiguring and uploading the role to Azure to try out changes.
Bigger question...am I fighting against the tide using a webrole? Much of the documentation refers to web-api and web-apps. Maybe these are the future and webroles are deprecated?

`Maybe these are the future and webroles are deprecated?` - You can say that the web roles are being deprecated and in general the preference is to switch to WebApps if possible. If you're building new applications, then you should try to use WebApps as much as possible unless there's a need for you to have complete access to the underlying VMs (like installing some custom software etc.). Then you should consider using web roles (or may be look at Service Fabric). — Gaurav Mantri, Apr 21 '18 at 10:15
Thanks Gaurav. That's very helpful. In my case the webrole is literally just an API wrapper around a common library so moving over to a webapp may be the path of least resistance. — NeilMacMullen, Apr 21 '18 at 10:28

score 1 · Accepted Answer · answered Apr 21 '18 at 19:48

I would also recommend moving over to webapps. However, you might also get it to work with web roles and how you apply cors there also works for webapps if you use OWIN.

You might host your API in the web role like this:

https://learn.microsoft.com/en-us/aspnet/web-api/overview/hosting-aspnet-web-api/host-aspnet-web-api-in-an-azure-worker-role

This gives you the HttpConfiguration you need (Startup.cs).

It also seems odd that I have to decorate every one of my API methods. Is there not a single 'switch' I can flick to enable CORS for the entire service?

You can use an ICorsPolicyProvider to enable it everywhere:

// in startup.cs
config.EnableCors(new AllowAllCorsPolicyProvider());

public class AllowAllCorsPolicyProvider : ICorsPolicyProvider
{
    readonly CorsPolicy _CorsPolicy;

    public AllowAllCorsPolicyProvider()
    {
        _CorsPolicy = new CorsPolicy {AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = true};
    }

    public Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        return Task.FromResult(_CorsPolicy);
    }

Thanks Alex - I've marked this as the answer since it seems to contain the required information though future readers should treat it with a little caution since I decided to go down the webapp route and abandon the webrole. Enabling CORS for an Azure web-app is extremely simple - in the Azure portal, look for the 'CORS" section (under "API" and add "*" (without quotes) in the "allowed origins" list — NeilMacMullen, Apr 22 '18 at 10:54
I agree that one should use webapps wherever possible. BTW you did not mark it as the answer(upvote), but that is ok ;-) — Alex AIT, Apr 22 '18 at 14:16

How can I (simply) enable CORS on my Azure webrole API

1 Answers1