I am managing CORS rules using an Azure APIM policy for my app service. The below policy is applied at the "all operations" level. At the API level it just uses insid
