How can we improve Azure CDN?

Correctly handle CORS with Range header

When browser sends a Range request to CDN, CDN downloads the entire file from origin, then serve the appropriate range to the browser. However, when serving the content range, it does not send the CORS header that is present in the origin, thus breaking cross origin requests.

3 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Li Huan JeowLi Huan Jeow shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Li Huan JeowLi Huan Jeow commented  ·   ·  Flag as inappropriate

        Below is LINQPad code for 2 requests. First request goes to blob storage. You can see that the blob is correctly configured for CORS, giving the output as "https://coursepad.com"

        The 2nd request goes to CDN from Verizon, accessing the same file. Accessing the CORS response header results in InvalidOperationException.

        For requests without Range header, the CDN works correctly with CORS. However, having the Range header causes CDN not to send CORS header for all subsequent requests (be it with or without Range header).

        var client = new System.Net.Http.HttpClient();
        var requestBlob = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://portalvhdsnrnbpx7x1mzv8.blob.core.windows.net/content/c18eb462eff84ab4946647056804cc42/1_0_dashinit.mp4" );
        requestBlob.Headers.Add("Origin", "https://coursepad.com");
        requestBlob.Headers.Add("Range", "bytes=918-919");
        requestBlob.Headers.Host = "portalvhdsnrnbpx7x1mzv8.blob.core.windows.net";
        var responseBlob = await client.SendAsync(requestBlob);
        responseBlob.Headers.GetValues("Access-Control-Allow-Origin").Dump();

        var request = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://az647590.vo.msecnd.net/content/c18eb462eff84ab4946647056804cc42/1_0_dashinit.mp4" );
        request.Headers.Add("Origin", "https://coursepad.com");
        request.Headers.Add("Range", " bytes=918-919");
        request.Headers.Host = "az647590.vo.msecnd.net";
        var response = await client.SendAsync(request);
        response.Headers.GetValues("Access-Control-Allow-Origin").Dump();

      Feedback and Knowledge Base