0

I have an Azure Functions App that I've deployed on IIS on a VM (don't ask why, I'll start crying).

Anyway, the functions are working perfectly fine, I checked with Postman. Now when I try to call the HttpTrigger functions through my Blazor App, I get a CORS error Preflight MissingAllowedOriginHeader.

On localhost, I was using CORS: "*" in local.settings.json and it was working fine. But on deployment it is not working.

Here's what I've tried so far:

  • Adding CORS: "*" in host.json
  • Adding the following in web.config:
 <cors enabled="true">
      <add origin="*" />
    </cors>
  • Adding custom header called Access-Control-Allow-Origin in Http Response Headers in IIS
  • Copying `local.settings.json` to output and including it in published files
  • Adding the following in web.config
<httpProtocol>
   <customHeaders>
     <clear />
     <add name="X-Powered-By" value="ASP.NET" />
     <add name="Access-Control-Allow-Origin" value="*" />
     <add name="Access-Control-Allow-Headers" value="Content-Type" />
   </customHeaders>
</httpProtocol>

But after each of those, the only thing that changes, is the error becomes PreflightInvalidStatus

For the life of me, I cannot figure out how to get it working.

Any help would be appreciated.

Much thanks

sand_that_can_think
  • 1
  • "I have an Azure Functions App that I've deployed on IIS on a VM". Nobody might be interested in why, but how did you do that? IIS CORS module and `` should work in all cases, but you didn't even mention what happened then. Responses to preflight requests can be seen in browser developer tools, so do take a look at them. – Lex Li Feb 27 '23 at 19:39
  • @LexLi I did mention what happens with IIS Cors Module: But after each of those, the only thing that changes, is the error becomes PreflightInvalidStatus – sand_that_can_think Feb 28 '23 at 03:56
  • Like I said clearly that you need to dig into the actual CORS responses in HTTP format, not merely an error code that means nothing at all. If that's not something you are familiar with, escalate to a senior guy in your team, or open a support case via https://support.microsoft.com. It is not feasible to study a lot of troubleshooting via a forum like this. – Lex Li Feb 28 '23 at 06:52
  • Hope this link can help you: https://stackoverflow.com/questions/68862503/cross-origin-resource-sharing-error-preflightinvalidstatus-in-azure-application. Of course, as the community member said, a professional's guidance would be more useful. – TengFeiXie Feb 28 '23 at 08:33

1 Answers1

0

I had the same issue mine was fixed by following these steps:

  1. Verify your CORS origins Okay, okay – sounds super basic, but maybe you have an issue with your CORS settings. So let’s verify the following:

  • You have either the URLs of the sites hosting your front-end code OR an asterisk (“*”) in the value

  • The URLs don’t end in a slash (“/”)

  • The URLs are separated by a comma (“,”)

  • The protocols of the URLs match (HTTP vs HTTPS)

You have “CORS”:”*” set for local development, but for Azure Functions configuration, you should have something like this:

"http://localhost:7071,https://azure-samples.github.io,https://localhost:44343,https://localhost:44364"
  1. Disable sending CORS credentials This should be false by default, but it seems to me that the Azure Functions CLI sometimes has trouble remembering the default values :) I don’t know what kind of internal magic this invokes, but setting the CORSCredentials key to false has removed the issue for me once or twice.

But what does the setting do? When enabled – set to true – it enables you to send authentication details – headers, cookies, certificates – in the cross-domain requests you perform. I’ve needed this, for example, to authenticate against a SignalR hub from the front end.

This should look somewhat like the below in the local.settings.json file:

{
"IsEncrypted": false,
"Host": {
"CORSCredentials": false
},
"Values": {
}
}

  1. Debug instead of running from the CLI If you’re not doing this already, try running the Azure Functions CLI as part of debugging your solution, and make sure you’re running it with DEBUG configuration!

  2. Take another look at the actual URL you’re calling… I’ve been bitten by this a couple of times now.

It sounds super basic, but you might just be calling the wrong address and the CORS error might just be something that gets thrown before you’d get a 404 (which would definitely be less confusing).

Coderrr
  • 1
  • 2