I’m trying to make a GET request in order to query data from Azure Search service. I am trying to follw this tutorial:https://www.dotnetcurry.com/microsoft-azure/cognitive-search-rest-apis-angular-app
How can I allow my domain to make a successful GET request without being blocked by CORS policy.
Is there a possible way or custom configuration on Azure to allow default sites to bypass this error? I have tried to add the API key as a parameter to the URL but the same problem raised again.
Thank you
You see this message because your browser blocks requests going to host samplecognitive.search.windows.net which is different from the origin localhost. You must tell Azure Search to send back a "Access-Control-Allow-Origin" header including localhost.
In the Overview tab of Azure Search Service go to "Indexes" and click on your index. Then go to "CORS". Add http://localhost:4200 and click "Save".
Related
I would like your feedback and opinion about using { FrontDoor + Appservices + Authentication + restrict access to FD only }
I do confirm I can set up all of this thanks to all contribution/ forums / blog found on the net. I can use my custom domain which request AD authentication and I am correctly redirect to my appservices (in browser: I see my custom domain name and never see any *.azurefdnet or *azurewebsites.net as expected).
The only problem is that I needed to use a custom domain to make it works. For production purpose it is acceptable to have a custom domain but for dev or test I wonder if we can do it without custom domain by simply keeping original address like *.azurefd.net and *.azurewebsites.net
I struggle to make it works without custom domain. I keep getting “too many redirection” message or ‘403 sites blocked’.
Does anyone success to do it ? My general configuration looks like
My backend is linked with my appservices
Details of my backend is:
I think my problem is with BackendHostHeader but not sure. When i used custom domain for my production it works. But remind i do not want to use custom domain for dev and test.
My route looks like
And finally my appservices is secure to allow frontdoor only
When my user goes to stackoverflo.azurefd.net they get AD authentication which is good but just after i get redirection to xxx.azurewebsites.net with 403 forbidden (which looks normal because of restriction to FD only).
I tried to change the backend host header by replacing by FD value but in this case i get a error with loop redirection.
Is it a feasible scenario without custom domain ?
Regards
PS: i configured Azure ADApp to allow reply url to my FD like stackoverflo.azurefd.net/.auth/login/aad/callback
Yes, you can Restrict the access to website without using Custom Domain.
Goto the Application you want to restrict the access in Azure Portal and select the Networking from left Pane, now click on Access Restrictions.
For complete information you can go through this Microsoft Documentation.
I've added my function app to API Management in Azure.
My function app has an undesirable name swanky-function-app - and I want to change it.
When API management mounts it, it gives it a default URI of /swanky-function-app which is undesirable.
When I change the URL field to something nicer such as /some-new-path, when I test it, it 404s.
How do I customize the URL without it 404ing?
If you are setting up in APIM, you just need to est the url suffix value if you want to change the url,
You can add a URL rewrite policy. Select the operation, go to "Inbound processing", add policy, choose "rewrite-uri". Fill in the original route in the backend field, for frontend it should already show the URL that you chose in the Frontend URL settings (shown in window above)
I don't think that's the way it should be, but at least it works
I have created three B2C applications:
TestWebApp
TestApiOne
TestApiTwo
Both API applications were created the exact same way. Web API access is enabled, reply URLs have been specified, an App ID URL has been assigned, and keys have been generated. Both APIs have an additional read and write scope.
In TestWebApp API access, I am able to add TestApiOne with all three scopes without an issue.
When trying to add TestApiTwo to the TestWebApp API access list, the operation fails with the following error.
Failed to add the API access. Reason: The B2C service has an internal
error. If you created this B2C directory just now, please try again
after couple of minutes. If the problem persists, please contact
Support
(https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-support/).
If you do not have a B2C directory you can refer
https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-get-started/
I thought maybe there is a limit of one API per application. To test, I created a temporary application "TempApp". I received the same error displayed above while trying to add API access for both TestApiOne and TestApiTwo.
Has anyone else experienced this issue?
There's not a limit of one API per application. I have done research and it works fine by my side.
Please have a look at the guide and check your steps.
I have tried to replicate the issues that you are facing by putting diff redirect reply url domains and also by making one application to be native and one normal web app but it doesn't help.
Could you try to delete all the webapps and try making 1 and then adding another to it.
Then create the 3rd one.
Please check this or if you can share some screen shots. That would be helpful.
You can definitely add multiple web apps to api access of one web app.
I am trying out the Azure AD-B2C. The user signup/sign in is fine when the MFA is turned off. But when I turn it on, and the user tries to sign in and provides the phone number, and requests a text message by clicking "send code", I get the Http 400 error: size of request headers is too long. Anybody else have this issue?
The error HTTP 400: Size of header request is too long generally happens because there's too many cookies.
Azure AD B2C's login goes through login.microsoftonline.com, as does almost every Microsoft service (O365, Azure, etc). So if you've got several accounts that you've signed in to across these services, you're accumulating cookies that will cause this problem.
Clearing the cookies should resolve this problem. If this is happening on a recurring basis, you should edit your question to include details about the request and cookies in order to best figure out what's bloating the request and how to reduce it.
Short answer: The file with the custom UI was not found by Microsoft login service. After getting shipped around it resulted in the error.
I had the same error with AAD B2C but "cookies" was not the problem. In my case I got the error while testing in the Azure B2C portal checking the policies and the custom UI pages. We use Azure Blob storage to hold custom login setup, its fast and it scales without our attention. The problem was found by using my test website using the B2C service. I put a stop/break on the Account controller's "public Task OnRemoteFailure(RemoteFailureContext context)" method. The debugger message gave me the full context of the error, an http 404 error and it gave the file name it was trying to find. Blob storage is case sensitive. The setup configuration used to configure B2C has camelCase names. The group who created the actual UI customization uses all lower case names. It took someone with access to all the assets to find the simple case name issue. Errors in distributed systems can be difficult.
I am trying to load content in a WebView in my Windows Phone 8.1 RT app. As per requirement, I need to fetch the content from database and render it in the WebView. The content is essentially an HTML document (with inline javascript and CSS) saved as a string in database. It also makes connection with mobile service.
I have added * in my mobile service's CORS whitelist. I also added null after discovering that it was required for the app's android and iOS counterparts.
I am using NavigateToString() method of WebView. It is not able to fetch data from azure because it sends about: as origin in the request header (possibly from about:blank). I need to add about: in whitelist but it won't allow because it says it is not a valid hostname. I added about* with no success. What should I add in CORS whitelist now, considering I already added *?
I'm assuming (slightly) that this is a WinJS application. It actually has nothing to do with Azure or your Mobile Service. It's got everything to do with the requirements within a WebView.
Review: https://msdn.microsoft.com/en-us/library/windows/apps/hh465373.aspx
That link provides the yes/no for your request - in a WebView you are doing a Web context. Note explicitly that you are doing Cross-Domain XHR requests are those are explicitly forbidden.