API Management (new developer portal) - octet-stream - gives CORS error but other methods don't

Wayne Theron 1 Reputation point

On the old portal it opens the file and shows a portion of it in the output. On the new portal I get *Unable to complete the request Since the browser initiates the request, it requires Cross-Origin Resource Sharing (CORS) enabled on the server*. I was getting a CORS error for all calls until I added the policy as shown below (site masked for privacy) at the inbound global level:

```xml
<cors allow-credentials="true">
    <allowed-origins>
        <origin>mydevportallink</origin>
    </allowed-origins>
    <allowed-methods>
        <method>GET</method>
    </allowed-methods>
    <allowed-headers>
        <header>*</header>
    </allowed-headers>
</cors>
```

Now all the methods work except one that produces an octet-stream sourced from a file created in Azure Blob. The backend API essentially sends a redirect to the file URL. Am I missing something in the CORS config that will allow this to work?

dev tools trace - (hidden domains for privacy)

api-details#api=hidden&operation=query:1 Access to XMLHttpRequest at 'https://hidden.blob.core.windows.net/temp/temp/8b1e1a9b-da87-47a2-b749-74c755d0e269.csv?sv=2019-07-07&sr=b&sig=QrLJBdD0DvxsZjStgVbuwxYo0Hq2Ocdmi7h4twnmNE4%3D&se=2021-03-04T21%3A04%3A49Z&sp=r&rscd=attachment%3B%20filename%3D20210304%2017%3A04.csv' (redirected from 'https://hidden-apim.azure-api.net/query?data_area=hidden&output_format=csv&sample=false') from origin 'https://hidden-apim.developer.azure-api.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://hidden-apim.developer.azure-api.net' that is not equal to the supplied origin.

Azure API Management

1 answer

  1. Pramod Valavala 20,611 Reputation points Microsoft Employee

    @Wayne Theron Since your API is redirecting directly to Blob Storage, CORS has to be set up there as well, since the browser makes the call directly. Check the official doc for setting up CORS for Azure Storage for more details.

    The same can be set from the portal as well like below


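Added example (not part of the original thread and not Microsoft's code): a small JavaScript model of the browser-side check, showing why the redirected Blob Storage hop can fail while the API Management `<cors>` policy passes. It assumes the Fetch standard's redirect rule, under which a CORS request redirected across origins is sent with `Origin: null`, is what produces the "not equal to the supplied origin" message in the trace; the URLs are constructed from the masked hosts, and the function names are hypothetical.

```javascript
// Added example: models how a browser chooses the Origin header across a
// redirect chain and checks Access-Control-Allow-Origin (ACAO).
// It performs no network calls.

// Fetch standard redirect rule: if a CORS request is redirected to another
// origin by a URL that is itself cross-origin to the page, the request is
// "tainted" and every later hop carries "Origin: null".
function originHeadersForChain(pageOrigin, urls) {
  let tainted = false;
  return urls.map((url, i) => {
    if (i > 0) {
      const prev = new URL(urls[i - 1]).origin;
      if (new URL(url).origin !== prev && prev !== pageOrigin) tainted = true;
    }
    return tainted ? "null" : pageOrigin;
  });
}

// ACAO check only: exact match on the Origin value that was sent, or "*"
// when the request carries no credentials.
function corsCheck(sentOrigin, acao, withCredentials) {
  if (acao === "*") return !withCredentials;
  return acao === sentOrigin;
}

// Constructed values mirroring the masked hosts in the dev tools trace.
const PORTAL = "https://hidden-apim.developer.azure-api.net";
const CHAIN = [
  "https://hidden-apim.azure-api.net/query?output_format=csv",
  "https://hidden.blob.core.windows.net/temp/temp/file.csv",
];

// blobAcao is the ACAO value assumed to come back from the storage account.
function evaluate(blobAcao, withCredentials) {
  const [gatewayOrigin, blobOrigin] = originHeadersForChain(PORTAL, CHAIN);
  return {
    gatewayOrigin,
    blobOrigin,
    // The gateway hop is assumed to echo the portal origin (the <cors> policy).
    gatewayOk: corsCheck(gatewayOrigin, PORTAL, withCredentials),
    blobOk: corsCheck(blobOrigin, blobAcao, withCredentials),
  };
}

console.log(evaluate(PORTAL, false)); // blob hop fails: ACAO is not "null"
console.log(evaluate("*", false));    // blob hop passes
console.log(evaluate("*", true));     // blob hop fails: "*" is rejected with credentials
```

Under that assumption, the storage account's CORS rule has to satisfy the `null` origin on the redirected hop, which is a separate setting from the API Management policy.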