Azure Application Proxy Cors Prelight Issue
Azure Application Proxy Cors Prelight Issue
I have MVC application which is accessed from external domain "https://example.com/ABC". There is code in application which construct URL for JQuery call to controller action method using "Request.Url.Host". "Request.Url.Host" picks internal domain which is "https://example-internal.com/ABC". Due to this, i am facing Preflight issue. I have so many such occurrences in code. I tried Translate URL "Application body" option but it didn't work. Is there any option to resolve this issue?
1 Answer
1
Below are some possible solutions:
Option 1: Custom Domains
Use the Custom Domain feature of the Azure AD Application Proxy, so you can use the same domain name and no changes to applications or headers are required. Thus the origin will continue to stay the same.
Option 2: Publish Parent Directory
Publish the parent directory of both applications. This works particularly well if you only have two applications on the web servers. Instead of publishing each application separately, you could publish the parent directory, that would result in the same origin.
App Published Individually
Instead publish the parent directory
The resulting URLs would be as below, effectively resolving your CORS issues.
https://corswebclient-allmylab.msappproxy.net/CORSWebService
https://corswebclient-allmylab.msappproxy.net/CORSWebClient
Option 3: Update HTTP Headers
Add the HTTP Response Header on the Web Service to match the Origin request. For example, below is how you could set it up for the websites running on the IIS.
This would also not require any change to the Code. You can also verify this in the Fiddler traces.
Post the Header Addition
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5 Microsoft-HTTPAPI/2.0
Access-Control-Allow-Origin: https://corswebclient-allmylab.msappproxy.net
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 17
Option 4: App Modification
Modify your application to add support for the CORS by adding the Access-Control-Allow-Origin header with appropriate values. The way to do this will depend on the language in which you wrote the application. This is the least recommended option since it requires more effort.
Reference: Understanding CORS Issues
Thanks for contributing an answer to Stack Overflow!
But avoid …
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
But avoid …
To learn more, see our tips on writing great answers.
Required, but never shown
Required, but never shown
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
