![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 32%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Access to XMLHttpRequest at <<API endpoint>> from origin <<dev website>> has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,355 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 33%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Thanks for reaching out to Q&A.
The following settings that you have added already should resolve the CORS issue.
On Angular end added headers
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept'
and passing them in request.
On Function App, added CORS settings to "*"
However you are still seeing the cors issue. At times I have observed that browsers show as a CORS errors request that are not failing due to CORS. Example:
Browser -> OPTIONS request -> valid response -> Browser performs the request as CORS check was valid-> failure -> Browser shows CORS errors
What you need to do is to check if OPTIONS request returned as expected and then if there was a consequent request to the actual endpoint (HttpTriggered function on this case), and then if that one ended properly or if this one failed.
One quick test that can be done for confirmation purposes is to call the API from any HTTP Client, like Postman, Fiddler… with the same parameters, headers as your Static applicatin is doing. That will remove CORS from the equation since CORS is something that browsers do but it’s not any requirement for the endpoint to work.
Also check the function invocation logs in the Monitor section to see if there are any timeouts occuring. Please note that http triggered function has a 230 seconds timeout.
I hope this helps!
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.