Azure
[Known Issue]: Disabling CORS on SWA does not seem to work
What happened?
Not sure if it is a static web app issue rather than DAB, but lets start here since it is an API I am trying to build.
I have been following https://learn.microsoft.com/en-us/azure/data-api-builder/ to set up my DAB, using an Azure database and azure static web app, everything is pretty much by the book.
But I need to disable CORS for my API, and the "origins" setting in the staticwebapp.config.json file does not seem to do anything. I have tried many different formats, but I think this would be the right way:
host": { "mode": "production", "cors": { "allow-credentials": false, "origins": ["*"] }
Also trying to add custom headers does not seem to have any effect: https://learn.microsoft.com/en-us/azure/static-web-apps/configuration#global-headers
The error message I get in the console is pretty straight forward: Access to fetch at 'https://my-irl/data-api/rest/SalesOrder' from origin 'https://mywebpage' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
It works from postman, but when I want to use the API from a web page I get CORS issues (as I should, but I would like to turn it of, of allow specific URL:s.
According to a post over at https://stackoverflow.com/questions/77933678/cors-issue-with-graphql-endpoint-hosted-with-azure-static-web-app-data-api-build/78517626#78517626 someone states that there yet is not support for this?
Version
latest
What database are you using?
Azure SQL
What hosting model are you using?
Static Web Apps (SWA)
Which API approach are you accessing DAB through?
REST
Relevant log output
No response
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
