2

I'm setting up Azure Active Directory authentication for Azure Functions. Chrome gives me this error: Failed to load https://login.windows.net/fa7adf0d... &state=redir%3D%252Fapi%252FAuditGetAll' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

Here's Network tab How can I fix this problem?

Alexander Zhidkov
  • 531
  • 1
  • 5
  • 16
  • Have you checked [this](https://stackoverflow.com/questions/20035101/why-does-my-javascript-get-a-no-access-control-allow-origin-header-is-present)? – Jerry Liu Aug 24 '18 at 22:04
  • Do you have any update about this thread? If it is useful, you could mark it as an answer. – Tom Sun - MSFT Aug 31 '18 at 00:25

2 Answers2

0

CORS: login.windows.net origin is null

In your case, it seems that you need to config azure function CORS.

Cross-Origin Resource Sharing (CORS) allows JavaScript code running in a browser on an external host to interact with your backend. Specify the origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). To allow all, use "*" and remove all other origins from the list. Slashes are not allowed as part of domain or after TLD. Learn more

enter image description here

Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47
  • 2
    This doesn't help me with my problem. I have CORS set up in my function code like here https://blogs.msdn.microsoft.com/benjaminperkins/2017/04/12/azure-functions-access-control-allow-credentials-with-cors/ . But I can't set up CORS on redirect to windows authentication. I am not making that call, AAD does it. As far as I understand. – Alexander Zhidkov Aug 31 '18 at 01:26
  • Hi, did you solve this issiue? How did you solve it? – Berzi Wasfy Oct 10 '18 at 11:41
0

In order to avoid this error you need to get accessToken (on javascript side) and send it together with other headers when call AAD secured Azure function:

httpClient.get(apiUrl, SPHttpClient.configurations.v1, 
    {
        headers: {
        "Authorization": `Bearer ${token}`,
        'Content-type': 'application/json',
        'Accept': 'application/json'
        }
    }
)
alex
  • 187
  • 1
  • 9