Azure Function Cors with AAD
I'm having a strange problem with CORs on my Azure Functions App
I currently have an Azure Function App, that is secured by Azure Active Directory. This API the provides data to an authenticated SPA, written in Angular 7 and uses the MSAL (1.4.1) library for authentication. The SPA is hosted on an Azure Storage Accounts static website and is matched to a custom domain with a CDN.
I have a similar set up on 2 other sites and they work great, only difference is authentication, but I don't think that is the issue as I can login ok and access graph endpoints.
The site works great running locally but fails when I run in production (the static website).
This is my CORS page:
Yet this is my error:
Access to XMLHttpRequest at 'https://login.windows.net/GUID/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Forpheusapiv2.azurewebsites.net%2F.auth%2Flogin%2Faad%2[CODE]' (redirected from 'https://orpheusapiv2.azurewebsites.net/api/v2.0/FUNCTION_NAME') from origin 'https://orpheus.langladecapital.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Adding https://login.windows.net to the CORS list doesn't help and nor does just accepting a wildcard ("*")
Any ideas?
Thanks Jim, I'm using MSAL 1.4.1 already?
@ChrisA Since you use angular, you can directly use package
@azure/msal-angularto integrate Azure AD : github.com/AzureAD/microsoft-authentication-library-for-js/tree/….It wasn't the fix but it led me to try and push the sample to my production site which worked and then I realised I had some formatting bugs in my set up code!