CORS for App Proxy
There should be CORS setting available on App Proxy just like we have the CORS available for App Services.
Making calls from Azure Apps into an Azure App Proxy App is a very common scenario, especially when on-prem applications are surfaced externally using App proxy.
We’ve hit some roadblocks in our design for this feature and will need to re-evaluate options. To help us validate the scenarios we need to address, please continue to share feedback. We will update in the next couple months once we have a better idea of our timeline and approach.
We want to expose multiple RESTful APIs currently on-prem through Azure AD App Proxy to be consumed by various SPA's. On-prem works great, and the Azure AD App Proxy works to expose the SPA, but gives a 403 error when the CORS Pre-flight request fires. This prevents the SPA from gaining access to the APIs. Since the APIs in question already use Azure AD for authentication and authorization, I wonder what the risk in allowing passthrough for the Azure AD App Proxy Pre-Authentication to fix this issue?
We want to use a SaaS which needs to do a CORS access to a on-premise server.
This SaaS Application needs to run on mobile devices and on-premise. Because of the limitation of the app Proxy this doesn't work.
Our SharePoint Online portal leverages Application Proxy to consume various on premise resources. We currently use the hacked iFrame approach for authentication for all requests going thru App Proxy to get around this limitation. Its cumbersome and a maintenance nightmare. There's also unnecessary repeated behind the scenes activity/load in the browser until the user is authenticated. This needs to be looked at and addressed immediately before it becomes a major development hassle.
We are having the same issue in our organization. Exposing multiple resources that reference each other, but are then blocked because of this limitation.
can someone define "Soon". We are moving off of 2010 and need this for the new intranet via App Proxy. Please update.
John Atwood commented
You can work around this limitation by using an Azure Function Proxy to proxy your App Proxy App and set CORS allowed origins: