Configure CORS by using Azure Resource Manager template

7
votes

I'm trying to set CORS rule for my storage account as suggested here under Configure CORS by using Azure Resource Manager tools: https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-cors-consume-javascript

by adding property cors:

    "resources": [
    {
        "type": "Microsoft.Storage/storageAccounts",
        "sku": {
            "name": "Standard_RAGRS",
            "tier": "Standard"
        },
        "kind": "Storage",
        "name": "[parameters('storageAccounts_teststoragejkjk_name')]",
        "apiVersion": "2016-01-01",
        "location": "westus",
        "tags": {},
        "properties": {
            "cors": {"allowedOrigins": ["*"]}
        },
        "resources": [],
        "dependsOn": []
    }
]

Deployment returns succes and I can see Write StorageAccount operation under Activity Log in Azure Portal but Cors Rules aren't added anywhere and when i download template from Azure it doesn't have this "cors property".

I also tried manually adding Corse Rule (i need it only on my Blob) and automation scripts (including deployment.ps) still looks the same...

Any suggestion on how to configure Cors rule on blob storage using ARM templates?

5
azurepowershellcorsazure-storage-blobsazure-resource-manager

5 Answers

3
votes

What is your deployment client? If you are using Powershell to deploy ARM (w you probably are) why not use Set-AzureStorageCORSRule?

PS C:\>$CorsRules = (@{
AllowedHeaders=@("x-ms-blob-content-type","x-ms-blob-content-disposition");
AllowedOrigins=@("*");
MaxAgeInSeconds=30;
AllowedMethods=@("Get","Connect")},
@{
AllowedOrigins=@("http://www.fabrikam.com","http://www.contoso.com");
ExposedHeaders=@("x-ms-meta-data*","x-ms-meta-customheader");
AllowedHeaders=@("x-ms-meta-target*","x-ms-meta-customheader");
MaxAgeInSeconds=30;
AllowedMethods=@("Put")})

PS C:\> Set-AzureStorageCORSRule -ServiceType Blob -CorsRules $CorsRules

7
votes

As @JBA pointed out this now works via ARM templates.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "storageAccountName",
      "apiVersion": "2018-02-01",
      "location": "northeurope",
      "kind": "StorageV2",
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "tags": {},
      "dependsOn": [],
      "properties": {
        "accessTier": "Hot"
      },
      "resources": [
        {
          "name": "default",
          "type": "blobServices",
          "apiVersion": "2018-11-01",
          "dependsOn": [
            "storageAccountName"
          ],
          "properties": {
            "cors": {
              "corsRules": [
                {
                  "allowedOrigins": [
                    "https://mywebsite.com"
                  ],
                  "allowedMethods": [
                    "GET"
                  ],
                  "maxAgeInSeconds": 0,
                  "exposedHeaders": [
                    "*"
                  ],
                  "allowedHeaders": [
                    "*"
                  ]
                }
              ]
            }
          },
          "resources": []
        },
        {
          "type": "blobServices/containers",
          "apiVersion": "2018-03-01-preview",
          "name": "[concat('default/', 'myFilesToShare')]",
          "dependsOn": [
            "storageAccountName"
          ],
          "properties": {
            "publicAccess": "Blob"
          }
        }
      ]
    }
  ]
}
2
votes

I'm trying to set CORS rule for my storage account

I create a similar ARM template to create a storage account resource, I find that it seems not recognize/accept cors and other properties (such as val that I define) except accountType property.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": { },
  "variables": { },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2015-06-15",
      "name": "[concat('storage', uniqueString(resourceGroup().id))]",
      "location": "[resourceGroup().location]",
      "properties": {
        "accountType": "Standard_LRS",
        "cors": {
          "allowedHeaders": [ "*" ],
          "allowedMethods": [ "get", "post", "put" ],
          "allowedOrigins": [ "*" ],
          "exposedHeaders": [ "*" ],
          "maximumAge": 5
        },
        "val": "123"
      }
    }
  ],
  "outputs": { }
}

Besides, as we know, we could configure Cors setting for azure storage services (blob, table, queue and file shares), it seems that it does not enable us to configure Cors setting at storage account level directly while deploying storage account template. enter image description here

1
votes

Storage account CORS is currently not supported by the Storage Resource Provider, so it cannot be set via templates. As Fred points out, CORS can only be set on the service via the data plane API.

1
votes

I came across this thread when googling. It is now possible to set CORS on blob service of storage accounts through ARM template https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/2018-07-01/storageaccounts/blobservices

Have tested and it works