Azure API Management CORS Issue

Question

I'm running into a weird issue with Azure API Management that is in front of a ASP.Net Core Web API running in an App Service.

There are a few endpoints (PUT and PATCH) where I am gettings a CORS error when we go through the API Management but I'm not doing anything in API Management regarding CORS it's all being handled in the by the ASP.NET Core App.

I have verified that bypassing the API Management Service and having the front end communicating directly to the app service this issue doesn't happen.

The Policies In API Management

<policies>
    <inbound>
        <base />
        <set-backend-service id="apim-generated-policy" backend-id="xxxxxxx" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

Any help would be appreciated.

kgalic kgalic · Accepted Answer · 2020-04-17T15:15:23

Maybe try to add cors policy in the inbound flow that allows your frontend endpoint, per example below:

    <cors allow-credentials="true">
      <allowed-origins>
        <origin>http://frontend.com</origin>
      </allowed-origins>
      <allowed-methods>
        <method>PUT</method>
        <method>PATCH</method>
      </allowed-methods>
      <allowed-headers>
        <header>content-type</header>
        <header>accept</header>
      </allowed-headers>
    </cors>

Azure API Management CORS Issue

1 Answers