The Azure Function API linked to the Static Web App has CORS enabled to only allow requests originating from the Azure Static Web App domain for security purposes. As such, it would not be possible to access the Azure Functions from another domain (such as localhost:44388).
When developing locally, it is recommended that you instead call the
(localhost:44388/api) route using the SWA CLI, as outlined in this doc: Set up local development for Azure Static Web Apps | Microsoft Learn
Just to clarify, could you let us know the purpose of the function app to retrieve the application settings? Is this for dev/test purposes or prod purposes? Please do share more details about your requirement.
Further, just to highlight, the App settings and connection strings are stored encrypted in Azure. They're decrypted only before being injected into your app's process memory when the app starts.
Checkout similar discussion thread: CORS on API portion of Azure Static Web Apps #108