We are trying to get Azure app proxy to work and are running into CORS issues. We are using custom domains with split brain deployment. I have read through: Azure Application Proxy CORs and am currently on step 4 to just rewrite cors to work with out the wildcard below
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
Our web application has a frontend server hosted on IIS: https://frontend.company.com with the internal and external urls mapped to be the same urls as behind our company firewall.
We also have a backend server located on premises hosted on IIS and located at https://backend.company.com
We have set up two applications in app proxy to point to the respective servers where the internal and external match the urls we are using internally to the company.
I have tried var cors = new EnableCorsAttribute("https://backend.company.com", "*", "*")
and still get the cors issue. One thing I noticed is We are not getting the Response headers when going through Azure Proxy. Here is a picture of what it looks like internally and you can see access-control-allow-origin is set to *
The end goal is to be able to access this application externally. I can get the frontend to pull up html fine, and I can go directly to the swagger pages on the backend side just fine, but the two cannot communicate cross origin.
Below is what we see when accessing externally through app proxy:
We have tried to set web.config values, and remove values with pretty much every stack overflow article we can find.
Question is Does Azure or Azure App Proxy have any settings around allowing Access-Control-Allow-Origin settings to flow through? I dont have access to App Proxy, and am having to work with our cloud team to try different things. We have tried every combination of the Translate URLS mentioned here https://stackoverflow.com/a/60560675/1879992
Below is what we see externally and has the request headers missing
We have also read the official document and whitelisted our urls with the same response.
If I disable the chrome setting related to CORs the app comes up fine.
