question

WayneTheron-3037 asked ·

API Management (new developer portal) - octet-stream - gives CORS error but other methods don't

On the old portal it opens the file and shows a portion of it in the output. On the new portal I get "Unable to complete the request. Since the browser initiates the request, it requires Cross-Origin Resource Sharing (CORS) enabled on the server." I was getting a CORS error for all calls until I added the policy shown below (site masked for privacy) at the inbound global level.

    <cors allow-credentials="true">
        <allowed-origins>
            <origin>mydevportallink</origin>
        </allowed-origins>
        <allowed-methods>
            <method>GET</method>
        </allowed-methods>
        <allowed-headers>
            <header>*</header>
        </allowed-headers>
    </cors>

Now all the methods work except one that produces an octet-stream sourced from a file created in Azure Blob storage. The backend API essentially sends a redirect to the file URL. Am I missing something in the CORS config that will allow this to work?


dev tools trace - (hidden domains for privacy)

api-details#api=hidden&operation=query:1 Access to XMLHttpRequest at 'https://hidden.blob.core.windows.net/temp/temp/8b1e1a9b-da87-47a2-b749-74c755d0e269.csv?sv=2019-07-07&sr=b&sig=QrLJBdD0DvxsZjStgVbuwxYo0Hq2Ocdmi7h4twnmNE4%3D&se=2021-03-04T21%3A04%3A49Z&sp=r&rscd=attachment%3B%20filename%3D20210304%2017%3A04.csv' (redirected from 'https://hidden-apim.azure-api.net/query?data_area=hidden&output_format=csv&sample=false') from origin 'https://hidden-apim.developer.azure-api.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://hidden-apim.developer.azure-api.net' that is not equal to the supplied origin.

azure-api-management

1 Answer

PramodValavala-MSFT answered ·

@WayneTheron-3037 Since your API is redirecting directly to Blob Storage, CORS has to be set up there as well, since the browser makes the call directly. Check the official doc for setting up CORS for Azure Storage for more details.

The same can be set from the portal as well, like below:

74692-image.png
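
The browser-side rules behind this answer, as an added example that is not part of the original thread: it models the Fetch standard's `Origin` handling across redirects and its CORS check, showing why the redirect target must return its own CORS headers. The host names, the `evaluate` helper and the credentials flag are assumptions made for illustration.

```javascript
// Added example: models two Fetch-standard rules. All hosts are constructed placeholders.
const sameOrigin = (a, b) => new URL(a).origin === new URL(b).origin;

// Origin header the browser sends on each hop of a CORS request.
// Once a redirect crosses origins from a URL that was itself cross-origin
// to the page, the request is tainted and Origin serializes as "null".
function originHeaders(pageOrigin, urlChain) {
  let tainted = false;
  return urlChain.map((url, i) => {
    if (i > 0) {
      const prev = urlChain[i - 1];
      if (!sameOrigin(url, prev) && !sameOrigin(pageOrigin, prev)) tainted = true;
    }
    return { url, origin: tainted ? "null" : new URL(pageOrigin).origin };
  });
}

// CORS check the browser applies to every hop's response, redirect target included.
function corsCheck(sentOrigin, headers, withCredentials) {
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined) return "fail: no Access-Control-Allow-Origin";
  if (!withCredentials && acao === "*") return "pass";
  if (acao !== sentOrigin) return `fail: '${acao}' != supplied origin '${sentOrigin}'`;
  if (!withCredentials) return "pass";
  return headers["access-control-allow-credentials"] === "true"
    ? "pass" : "fail: credentials not allowed";
}

// Constructed scenario shaped like the trace: portal page -> API gateway -> blob URL.
const PORTAL = "https://portal.example.net";
const CHAIN = ["https://gateway.example.net/query",
               "https://store.example.net/temp/file.csv"];

// Hop 0 is answered by the gateway's CORS policy, hop 1 by the storage service.
function evaluate(blobHeaders, withCredentials) {
  const gatewayHeaders = { "access-control-allow-origin": PORTAL,
                           "access-control-allow-credentials": "true" };
  return originHeaders(PORTAL, CHAIN).map((hop, i) =>
    corsCheck(hop.origin, i === 0 ? gatewayHeaders : blobHeaders, withCredentials));
}

console.log(originHeaders(PORTAL, CHAIN).map(h => h.origin));
console.log(evaluate({}, false));                                        // storage has no CORS rule
console.log(evaluate({ "access-control-allow-origin": PORTAL }, false)); // echoes the portal origin
console.log(evaluate({ "access-control-allow-origin": "*" }, false));    // wildcard rule
```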


