While testing the API definition of my Azure Function (within the portal) I get this CORS error:
This is a cross-origin call. Make sure the server at ***.azurewebsites.net accepts POST requests from functions.azure.com. Learn more
I verified that this is listed as a CORS allowed origin within the function settings:
https://functions.azure.com
Am I missing something?
I cannot reproduce this on my side.
I added the following to ALLOWED ORIGINS:
The output in the Azure portal:
I also test it by making a POST request to the function in the browser via jQuery:
If you want us to dive into this problem you may need to provide detailed steps to reproduce.
The problem turned out to be the API definition. CORS was working fine although that was indicated as the problem in the error messages. The missing piece in the API definition was
security: []
which was missing in the POST section. I guess the security entry is required even if it's empty. It would've been nice if there was a warning that this was missing.
Related
Getting this error:
Access to fetch at 'https://myurl.azurewebsites.net/Player/1' from origin 'http://localhost:19006' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I'm not the first with this error, but I feel like I have tried everything that one can find through searching for the problem. I'm developing a web API with ASP.net core, that's supposed to communicate with my react-native frontend. Problem is, I cannot for the life of me get the connection to work.
In program.cs I have added
var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
builder.Services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
policy =>
{
policy.AllowAnyMethod();
policy.AllowAnyHeader();
policy.AllowAnyOrigin();
});
});
and
app.UseCors(MyAllowSpecificOrigins);
I have tried adding no cors to the method itself
[DisableCors]
[HttpGet("{id}")]
public List<Player> GetPlayers(int id)
{
return (from c in _context.Player.Take(1)
where c.PlayerId == id
select c).ToList();
}
I even deployed the server and database on Azure (I was supposed to sooner or later anyway) just hoping that would allow me to get it to work. The API runs fine if I visit the URL and run it through that one. It also works great if I host it locally and go through the web.
On Azure I've changed my cors settings to allow everything:
I can even access the API through expo web if I run it locally at the same time. But I need to be able to do it through my phone as well, or at least an android emulator. Neither of those works for neither a locally hosted server, or one that's on Azure.
How can I solve this?
Actually, shortly after setting my Azure cors settings, it did indeed start to work. Finally, I can at least demo it. Unfortunately, I still have no solution that solves it when hosting locally.
I cannot resolve this error, i have a .net core web api, with a react application inside of it ( net core react template )
I have also added cors:
services.AddCors(options =>
{
options.AddPolicy("AllowMyOrigin",
builder => builder.WithOrigins("https://localhost:44300")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
);
});
I have tried multiple things but i cant get past this error.
I have found loads of material online to try and nothing seems to work i feel like i am missing something really obvious?
Can someone point me in the right direction.
I expect that there should be an allow origin header:
I also tried using the Mosif browser extension to turn cors on, this stoped the cors error from showing but now i have a 404 (notfound ) on:
https://login.microsoftonline.com/tfp/domainname.onmicrosoft.com/b2c_1_sign_up/v2.0/.well-known/openid-configuration
You mention that you get an 404 error when opening the openid-configuration url. This means that part of your configuration is incorrect. You must be able to open this url in your browser and get back a JSON document. Copy it to a new tab and tweak it until you get back a result.
Please double check your configured policy and tenant name. The full url usually looks like this:
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=<policy-name>
https://login.microsoftonline.com/tfp/tenantname.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration
All of these are equally valid and can be used depending on your scenario.
The config should then look something like this:
authentication.initialize({
instance: 'https://tenantname.b2clogin.com/',
tenant: 'tenantname.onmicrosoft.com',
Another issue might be if your B2C tenant quite new, Microsoft could be blocking support for microsoftonline for your tenant. In this case, try switching to the b2clogin.com domain as your instance.
You can see a possible value for this url when opening the user flow in the Azure Portal.
As a sidenote, I would suggest switching to a different react library. The one you are using is not really being maintained. We are currently using https://github.com/syncweek-react-aad/react-aad
I put * in Cosmos Db CORS setting, but when I try to access via browser, I get the following error:
Adding the localhost:3000 fixed the problem, but my expectation was adding all origins with *. What am I doing wrong?
UPDATE: Even localhost:3000 shows that error message. This is the configuration screenshot:
As you see here, it should be possible with a simple configuration as mentioned here,
"allowedOrigins": "*"
I wanted to learn about Azure Functions and so created a one from the HttpTrigger-CSharp template in the portal.
Once the Azure Function was created I see a warning message in the Keys tab indicating that 'The Keys feature is not available because Authentication/Authorization is enabled for this Function App.'
Under 'Integrate', allowed HTTP methods are 'All methods', the mode is 'Standard' and the Authorization Level is 'Function'.
Under 'Manage', the error message is displayed for Function keys and Host Keys and the function state is enabled.
In the Settings of the Functional App itself, I navigated to 'Platform Features' / 'Networking' / 'Authentication / Authorization' and App Service Authentication is Off, contrary to the error message.
Where I attempt to Test the Azure Function, I get none of the expected messages in the log.
When I click on ' Get function URL', the function URL is empty.
Does anyone have any idea what is going on? Hopefully I am missing something simple.
It should be noted that I can create an Azure Function from the TimerTrigger-CSharp template and it runs successfully.
So this is a pretty big bug, you can follow this thread.
https://github.com/projectkudu/AzureFunctionsPortal/issues/1229
I encourage you to complain in that thread. Issue resolved.
There was an issue in the latest portal deployment. It has now been addressed. Please see https://github.com/projectkudu/AzureFunctionsPortal/issues/1229 for details.
We had the same issue, and it was a ui glitch and indeed has been resolved now as #david-ebbo mentioned.
Created custom provider that implements: OAuthProvider, IAuthWithRequest.
Created AuthenticateAttribute that calls PreAuthenticate() method of the provider.
Configured CorsFeature:
Plugins.Add(new CorsFeature(new[] { "http://localhost:23589", "*" },
allowCredentials: true,
allowedHeaders: "Content-Type, Allow, Authorization"));
Problem: when provider's Authenticate method is called to request a code from
"login.microsoftonline.com" (authService.Redirect(PreAuthUrlFilter(this, codeRequest)); ) the following error is thrown:
XMLHttpRequest cannot load https://login.microsoftonline.com/d331431b-899c-4666-8094-e82e6bfc3964/oaut…orts%2fpbi&scope=user_impersonation&state=f8e986304a47427d8c6a76767f2ef573. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:23589' is therefore not allowed access.
What is the correct way to:
Request an auth code from Microsoft
Get the code back in a query string
Request auth Token using the code
Authorization Code Grant Flow Diagram
Have a look at ServiceStack.Authentication.Aad. At a minimum this should offer a unit-tested reference implementation. Or perhaps you can use the NuGet package directly.
I encourage you to clone the repository where you can step through the stand-alone SelfHostTest as well as unit tests.
To my knowledge, CORS should not be necessary. I may be wrong. But in my implementation the JSON responses coming from Microsoft were handled by the server, not the web browser.
I'm sorry for not including a code sample in this response; it would be difficult to take a single snippet of code from that repository. The entire repository is the answer to your fundamental question.
Full disclosure: I'm the author of that plugin and garner Imaginary Internet Points for its use.