![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 26%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,447 questions
@Amy Z Your policy looks good and it seems that the browser is blocking the request not the API management gateway. Can you test the same request from the postman/fiddler and verify if it succeeded. If the request contains headers that are not allowed in the "allowed headers" list, CORS headers will not be returned. You don't have to allow all headers, you can add the ones that are being passed with requests that need to be allowed and see if it resolves the issue.