Hi Team,
I have an ASP.NET Core 5 application with CORS enabled that works as expected locally, but not when hosted in an App Service. It does if I configure the allowed origins on the App Service itself, but by doing so I understand it overrides the application's policy, which isn't desired behaviour as it doesn't allow the same granularity of control we require.
Every literature I could find indicates that if the CORS config in the Azure portal is completely blank then the application would be responsible for handling these requests but that does not seem to be the case currently.
How can I completely disable CORS at the App Service level and let the application handle that itself?
Using resources.azure.com I can confirm that having the "cors" node omitted from the template, or set to the following, makes no difference whatsoever:
"cors": {
"allowedOrigins": [],
"supportCredentials": false
}
Any help greatly appreciated.
Best regards.
