Azure WebApp Cors does not add Cors headers

Question

I have an Owin WebAPI2 .NET app that I host on an AppService in Azure.

I want to add CORS support using Azure as in this article. It seems simple, you just add an Or

Answer 1

My problem was that I accidentally put http instead of https into Azure AD B2C custom page config blade ... After change to https it works like a charm.

CORS headers missing when deployed on Azure Web App / Azure API

Answer 2

You can achieve these by adding in your web.config bellow configuration:

<system.webServer>
     <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*"/>
        <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept,Authorization"/>
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS"/>
      </customHeaders>
    </httpProtocol>
</system.webServer>

In global.asax:

protected void Application_BeginRequest()
{
  if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
  {
    Response.Flush();
  }
}

If you want control from portal, please view bellow image:

Note, according with App Service CORS documentation you can not use both Web API CORS and App Service CORS in one API app. You have to clean your project about Web API CORS

Don't try to use both Web API CORS and App Service CORS in one API app. App Service CORS will take precedence and Web API CORS will have no effect. For example, if you enable one origin domain in App Service, and enable all origin domains in your Web API code, your Azure API app will only accept calls from the domain you specified in Azure.