Azure FD CORS issue

Raj Vel 1

I use FD for our backend API and it's a strange behaviour happening. with some protected networks , we get CORS issue.

"access to xmlhttprequest https://xxxxxx.azurefd.net/api from origin https://xxxxxx.com blocked by cors policy : response to preflight request doesnt pass access control check : no 'access-control-allow-origin' header is present on the requested resource."

I get this error only with protected network.i tried t disable the WAF and yet still same issue. Is there rule engine need to be configured ?

suvasara-MSFT 10,036 Reputation points

2021-12-10T06:18:29.847+00:00

@Raj Vel , what do you mean by protected networks here? Is there any situation/network where you can find the CORS issue has been eliminated?
CORS issue occurs when your webapp code CORS policy "access-control-allow-origin" header is not set to the right domain. In that case you can override that behavior by defining the exact header value in the Azure Front Door rule engine. Please provide a detailed info for further insights.
Raj Vel 1 Reputation point

2021-12-10T06:38:10.63+00:00

Yes...there is no CORS issue with public networks ( lets say mobile network/public wifi) but with protected network( lets say office wifi) facing this CORS policy issue. i have not configured any rule engine for my front door. Do i need to explicitly configure the header to resolve this ? since this issue comes only with some network dont know how to proceed on this.
suvasara-MSFT 10,036 Reputation points

2021-12-10T08:56:47.857+00:00

This needs a deeper investigation from the header side. Changing a network should not alter the origin header. Please do send a mail to azcommunity@microsoft.com for further analysis.

Share via

Azure FD CORS issue