Options / Preflight request returns 404 even if CORS is configured to allow requests from subdomains using wildcard (*)

Azure / azure-functions-on-container-apps

Docs , samples and issues for Azure Functions on Azure Container Apps

MIT License

74 stars 18 forks source link

Options / Preflight request returns 404 even if CORS is configured to allow requests from subdomains using wildcard (*) #64

Closed AkshayMorey-BB closed 1 month ago

AkshayMorey-BB commented 4 months ago

Which trigger/binding are you using? HttpTrigger

Which language are you using? C#

Expected behavior Options/Preflight request should succeed for subdomains added with wildcard (*)

Actual behavior Options/Preflight requests returns 404 if CORS is configured with wildcard (*) subdomain. The request succeeds if complete domain name is added.

Screenshots failed_config failed_req success_config success_req

raorugan commented 4 months ago

@AkshayMorey-BB - can you please provide resource details like Function App name and Resource id

AkshayMorey-BB commented 4 months ago

@raorugan This can be replicated on azure portal by creating a function with dotnet8-quickstart-demo image as well. The Test/Run for HttpExample function succeeds if "https://portal.azure.com" is added to CORS allowed origins, but fails - with the options requests returning 404, if allowed origin is changed to "https://*.azure.com".

v-shenoy commented 1 month ago

This is expected behavior. From the container apps documentation (link) you can see that the allowedOrigins property maps to the Access-Control-Allow-Origin property of the CORS spec.

Valid values for this property are:

- wildcard for matching all domains null - for matching none - for matching specific domains

This is due to container apps using envoy as the underlying proxy: docs