Share via

browser to Azure Attestation Service - CORS issue

Christopher Dancy 5 Reputation points
2023-11-08T16:30:55.9366667+00:00

This is a followup from the previous question regarding a cors issue. I am wondering how my domain can be whitelisted. I have server app running inside Azure Confidential Computing VM. It returns to the client (browser) JSON Web Token (JWT) signed by Azure Attestation Service. To verify it client has to pull certificates from Attestation Service. But Service endpoints do not have any CORS-related headers, so request from client app fails.

localhost/:1 Access to fetch at 'https://pocattestation.eus.attest.azure.net/attest/SgxEnclave?api-version=2020-10-01' from origin 'https://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. fetchHttpClient.js:83

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,016 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. vipullag-MSFT 26,487 Reputation points Moderator
    2023-11-13T04:48:43.7633333+00:00

    Hello Christopher Dancy

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    I reached out to internal team on this ask, MAA CORS is currently configured to trust specific list of domains. However, team has plans to make the CORS configuration open to all customers, but there is not ETA on this.

    I request you to send an email to AzCommunity@Microsoft.com with Subject as "Attn:Vikas" referencing this thread for further discussion on this.

    Hope this helps.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.