@Varske To prevent malicious code execution on the client, modern browsers block requests from web applications to resources running in a separate domain. Cross-origin resource sharing (CORS) lets an Access-Control-Allow-Origin
header declare which origins are allowed to call endpoints on your function app.
When you configure the Allowed origins list for your function app, the Access-Control-Allow-Origin
header is automatically added to all responses from HTTP endpoints in your function app. To configure the Allowed origins, you can traverse to respective function app and add the https://portal.azure.com/ in allowed list as shown in below image.