Azure App Service (Node) CORS origins won't work no matter where I add them

Question

The Azure CORS settings doesn't seem to work at all unless I specify * any and all requests will return

"has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."

I've added my CORS http + https variants of both my production + dev environment frontend. I have also added them in the web.config.

<add name="Access-Control-Allow-Origin" value="https://LINK"/>
<add name="Access-Control-Allow-Origin" value="https://LINK/"/>

It is becoming extremely unpredictable and unreliable. The application is configured to allow all origins:

app.options('/', function(req, res) {
  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader('Access-Control-Allow-Methods', '*');
  res.setHeader('Access-Control-Allow-Headers', '*');
  res.end();
});

So it would send preflight data. Does azure CORS not send any preflight data? Am I better off just setting * everywhere and then managing things via the API myself? Will Azure not overwrite that configuration anyway? Am I stuck with no way of managing CORS?

score 1 · Accepted Answer · answered Apr 16 '19 at 10:02

Yes, definitely you can achieve it either by setting CORS headers from the Azure portal or by adding CORS headers from your App.

Here's how you can set it form azure portal.

Navigate to azure portal
Navigate to the app service you have created.
Click on CORS in the app.
Enter URL's in the empty Allowed Origins text box.
Click Save.

Azure App Service (Node) CORS origins won't work no matter where I add them

1 Answers1

Linked