This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 11%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Hello everybody - I could really appreciate some help! I am rather new to the newer Azure offerings but I am attempting to stand up the Azure Wordpress service (I take it a wrapper basically around app service and what not). I opted to use the Azure blobstorage CDN with the W3 total cache plugin (I let Azure set this up - I did not do this manually).
So far it has been going decent, stood up easily, added my custom domain and then installed a custom theme.
That's when I have run into an issue - CORS errors to be specific.
On various css/font files I get errors like:
"Access to font at 'https://<removed for privacy>-endpoint.azureedge.net/blob<removed some for privacy>b5a9b/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf' from origin 'https://www.<my custom domain as added in the Wordpress app service custom domain UI in Azure portal>.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
I have tried adding my custom domain (https://www.<my custom domain>.com) to the CORS setting in the Azure UI for the App Service and for the blobstorage account it generated in the resource group when I stood it up. I also tried adding the Azure generated domain for ("<removed for privacy>.azurewebsites.net") but no luck there either. These were all done with max age 0, Allowed headers = *, Exposed headers = *, Allowed methods = get/post/options (as clicked in UI) and tested in a Chrome private tab (no cache).
I don't mind configuring this but it seems like something the service should have done automatically when providing the custom domain in my opinion. Any help is most welcome!
Update #1 2/6/24 8:22PM EST: Some hours later after changing nothing more the CORS issues seem to be gone for now. I had previously restarted the app service after the above changes so I really have no clue why it seems to have taken hours to propagate.
Update #2 2/6/24 9:55PM EST: Actually while a lot of them are resolved there are still a couple CORS errors on a few .woff and .tff files on a load of my site I just checked so it looks like its not solved completely. (These fonts don't try to load until I scroll down so I didn't see they were still CORS erroring). They have the same method, origin url, etc. only difference is they are in the themes folder instead of the plugins folder of wp-content - which boggles my mind because CORS isn't that specific that I know of.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Hi @Shane H , I understand that you previously had CORS error but it's now gone.
You have set CORS in both App Service and Blob Storage Account configuration and it took a while (several hours) for CORS setting to take effect. I appreciate your update. Thank you.
Can you confirm that is the correct course of action for Azure Wordpress like this? Also should it have taken hours to propagate? I want to make sure I did it right.
Actually while a lot of them are resolved there are still a couple CORS errors on a few .woff and .tff files on a load of my site I just checked so it looks like its not solved completely. (These fonts don't try to load until I scroll down so I didn't see they were still CORS erroring). They have the same method, origin url, etc. only difference is they are in the themes folder instead of the plugins folder of wp-content - which boggles my mind because CORS isn't that specific that I know of.
Hi @Shane H, I suspect it's Wordpress web.config issue, please refer to: https://stackoverflow.com/questions/26224118/im-in-azure-cors-and-woff-hell
Can you please be specific how that unaccepted answer relates to this? I have seen that (and many many other things across the internet) before reaching out. And besides that answer is for IIS but as you must know Azure Wordpress runs on linux.
Can you please escalate to the appropriate team if you are unsure.
Hi @Shane H, as I mentioned before, this is an issue with Wordpress software. Please create a support request to Wordpress, if you have support contract with them. Thank you.
With all due respect that is just false. First off Azure Wordpress installs it automatically so if it is misconfigured that's still an Azure issue. Secondly CORS settings are Azure settings in 1) the app service and 2) the blob storage account created by azure wordpress.
If anyone else comes across this please disregard these misleading statements or you will waste your time.
Eventually what I found to work (which I am pretty surprised Azure Wordpress does not do automatically upon standing up an instance and more surprised both here and an Azure Support ticket that's been open for >1.5 weeks hadn't been able to help on):
Add your custom domain (https qualified with and without www) and the Azure domain assigned to your Wordpress app service to the CORS setting in Azure App Service settings.
Then in the storage account generated by Azure Wordpress (if you choose to let it setup Azure CDN - a checkbox when first setting up the service) I had to add CORS entries for both my custom domain and the Azure domain that gets auto-generated to the app service. I had allow all methods and wildcard (*) "Allowed Headers" and "Exposed Headers" and set "Max Age" to 0.
I'd accept my own answer as the answer but for some reason Microsoft Q&A doesn't allow you to do that.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
@Shane H I am sorry that you couldn't get much help from the community or from the support ticket. If you can share the support request ID, I can internally track it and connect with the support team, as needed.
However, I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!
Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept" the answer. Accepted answers show up at the top, resulting in improved discoverability for others.
Issue: Customer is using Azure WordPress with custom domain and Azure Blob storage CDN. On various css/font files and few .woff and .tff files, seeing CORS errors like:
"Access to font at 'https://<removed for privacy>-endpoint.azureedge.net/blob<removed some for privacy>b5a9b/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf' from origin 'https://www.<my custom domain as added in the Wordpress app service custom domain UI in Azure portal>.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
Solution: Customer shared -
"Add your custom domain (https qualified with and without www) and the Azure domain assigned to your WordPress app service to the CORS setting in Azure App Service settings.
Then in the storage account generated by Azure Wordpress (if you choose to let it setup Azure CDN - a checkbox when first setting up the service) I had to add CORS entries for both my custom domain and the Azure domain that gets auto-generated to the app service. I had allowed all methods and wildcard (*) "Allowed Headers" and "Exposed Headers" and set "Max Age" to 0."