on the old portal it opens the file and shows a portion of it in the output. On the new portal i get Unable to complete the request Since the browser initiates the request, it requires Cross-Origin Resource Sharing (CORS) enabled on the server . I was getting cors error for all calls until i added the policy as shown below (site masked for privacy) at the inbound global level
<cors allow-credentials="true"> <allowed-origins> <origin>mydevportallink</origin> </allowed-origins> <allowed-methods> <method>GET</method> </allowed-methods> <allowed-headers> <header>*</header> </allowed-headers> </cors>
Now all the methods work except one that produces a octet-stream sourced from a file created in azure blob. The backend api essentially sends a redirect to the file url. am i missing something in the cors config that will allow this to work?
dev tools trace - (hidden domains for privacy)
api-details#api=hidden&operation=query:1 Access to XMLHttpRequest at 'https://hidden.blob.core.windows.net/temp/temp/8b1e1a9b-da87-47a2-b749-74c755d0e269.csv?sv=2019-07-07&sr=b&sig=QrLJBdD0DvxsZjStgVbuwxYo0Hq2Ocdmi7h4twnmNE4%3D&se=2021-03-04T21%3A04%3A49Z&sp=r&rscd=attachment%3B%20filename%3D20210304%2017%3A04.csv' (redirected from 'https://hidden-apim.azure-api.net/query?data_area=hidden&output_format=csv&sample=false') from origin 'https://hidden-apim.developer.azure-api.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://hidden-apim.developer.azure-api.net' that is not equal to the supplied origin.