question

pallab avatar image
0 Votes"
pallab asked MayankBargali-MSFT edited

Azure App Service CORS 403 Error , Request Method Options

I have configured App Gateway and the backend of my App Gateway has two apps, one Front End Web App and another Function App.
The function app is talking to a Databricks instance from another tenant and getting data.
I have an API app that is sitting between my Front End and Function App.

After doing custom domain name binding for both my FE and Function App and making the custom domain name same as the App GW Https listeners, i get rerouted to the Front End web app when i try to browse to the Front End App via App Gateway.

But i get to see this error in the browser after i hit F12.
In the API web app i have CORS enabled and the URL mentioned is that of the custom domain of the FE web app.
Any idea why this error is coming still
Request URL: https://contoso-qa-8234.azurewebsites.net/datahub/negotiate
Request Method: OPTIONS
Status Code: 403
Remote Address: 20.X.X.X:443
Referrer Policy: strict-origin-when-cross-origin

The remote address IP is that of the IP that i see for the Front End Web App when i go to Custom Domain in App Services192775-cors-error.jpg


azure-webappsazure-application-gateway
cors-error.jpg (69.1 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, @pallab

You're getting a 403 in Preflight.
What authentication features does your web application or API implement?

0 Votes 0 ·
pallab avatar image pallab TakahitoIwasa ·

I have three apps (Front End, API and Function App) all in one App Service Plan. All the three apps have corresponding App Registrations. So the Front End is using OAUTH to get the token from AAD and present it to the API. I have changed the call back URL in the Front End App registration now to match with my custom domain FE Web App and the format of the callback URL now is : https://fe-qa.contoso.com/.auth/login/aad/callback. Initially this callback URL was the URL of the FE App Service and i was getting 404 denied because of that while using App Gateway. After changing this callback URL and making it similar to the App GW Listener Hostname and custom domain name, i can get the FE Dashboard page now

0 Votes 0 ·
pallab avatar image pallab TakahitoIwasa ·

Also in CORS for the API app, i have "Request Credentials" checked and i have two URLs added, one is for the actual FE *.azurewebsites.net URL and the other is my custom domain URL which is : https://fe-qa.contoso.com:443

0 Votes 0 ·

I have raised a ticket with you guys. What the support technician found out is when i go to "Diagnose and Solve Problems" and search with "Regional VNET Integration" i see the picture attached in the screenshot for all my three web apps (FE, API and Function).
My App Service Plan is a Linux one

I have disabled and renabled VNET Integration for the FE app, still no go
I have another project where i am using Windows App Service Plan. I did the same thing in that project and i can see Private IP allocated to the VMs when i go to the App Services193201-webapp-vnet-int.jpg


0 Votes 0 ·
webapp-vnet-int.jpg (91.8 KiB)

0 Answers