Azure function limit to site collection

Cheng, Man Lam 21 Reputation points
2021-02-08T18:47:18.96+00:00

Hello all

I have a SPFx webpart calling Azure function api app to return data from Azure database. On the function app, I can setup AAD authentication and CROS to limit the origins to SharePoint root url.

Is there a way that I can limit the CORS (or using other method) to limit the call from a specific site collection? e.g. from mycompany.sharepoint.com/sites/A, but not from mycompany.sharepoint.com/site/B ? I deploy the webpart to the site collection catalog and would want the calls from that site only.

Thanks

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,353 questions
SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,576 questions
0 comments No comments
{count} votes

Accepted answer
  1. Amos Wu-MSFT 4,051 Reputation points
    2021-02-09T01:43:38.087+00:00

    You could try to add the site collection URL where SPFX is located to the request body, then judge whether to accept the request after the azure function receives the URL value.

    this.context.pageContext.web.absoluteUrl  
    

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Trevor Seward 11,691 Reputation points
    2021-02-08T19:25:46.337+00:00

    Have you considered just writing that in as detection logic on the Function, i.e. if request is not from /sites/A, then reject?