Azure function limit to site collection

Cheng, Man Lam 21 Reputation points

Hello all

I have a SPFx webpart calling Azure function api app to return data from Azure database. On the function app, I can setup AAD authentication and CROS to limit the origins to SharePoint root url.

Is there a way that I can limit the CORS (or using other method) to limit the call from a specific site collection? e.g. from, but not from ? I deploy the webpart to the site collection catalog and would want the calls from that site only.


Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,353 questions
SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,576 questions
0 comments No comments
{count} votes

Accepted answer
  1. Amos Wu-MSFT 4,051 Reputation points

    You could try to add the site collection URL where SPFX is located to the request body, then judge whether to accept the request after the azure function receives the URL value.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
  1. Trevor Seward 11,691 Reputation points

    Have you considered just writing that in as detection logic on the Function, i.e. if request is not from /sites/A, then reject?