How can we improve Azure Active Directory?

← Azure Active Directory

CORS for App Proxy

There should be CORS setting available on App Proxy just like we have the CORS available for App Services.

Making calls from Azure Apps into an Azure App Proxy App is a very common scenario, especially when on-prem applications are surfaced externally using App proxy.

More details - http://stackoverflow.com/questions/43955808/cors-prelight-issue

98 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Nitin Rastogi shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

7 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • John commented  ·   ·  Flag as inappropriate

    We want to expose multiple RESTful APIs currently on-prem through Azure AD App Proxy to be consumed by various SPA's. On-prem works great, and the Azure AD App Proxy works to expose the SPA, but gives a 403 error when the CORS Pre-flight request fires. This prevents the SPA from gaining access to the APIs. Since the APIs in question already use Azure AD for authentication and authorization, I wonder what the risk in allowing passthrough for the Azure AD App Proxy Pre-Authentication to fix this issue?

  • Lukas commented  ·   ·  Flag as inappropriate

    We want to use a SaaS which needs to do a CORS access to a on-premise server.
    This SaaS Application needs to run on mobile devices and on-premise. Because of the limitation of the app Proxy this doesn't work.

  • Jay commented  ·   ·  Flag as inappropriate

    Our SharePoint Online portal leverages Application Proxy to consume various on premise resources. We currently use the hacked iFrame approach for authentication for all requests going thru App Proxy to get around this limitation. Its cumbersome and a maintenance nightmare. There's also unnecessary repeated behind the scenes activity/load in the browser until the user is authenticated. This needs to be looked at and addressed immediately before it becomes a major development hassle.

  • Olaf commented  ·   ·  Flag as inappropriate

    We want to add/remove Sharepoint site followings via JavaScript / XMLHttpRequest by calling the REST interface (/_api/social.following/follow). Unfortunately, this is a POST request which triggers a CORS preflight. The CORS OPTIONS request will be blocked by the App Proxy, and the whole thing fails (on prem it works fine).

  • Anonymous commented  ·   ·  Flag as inappropriate

    We are having the same issue in our organization. Exposing multiple resources that reference each other, but are then blocked because of this limitation.

  • Mike commented  ·   ·  Flag as inappropriate

    can someone define "Soon". We are moving off of 2010 and need this for the new intranet via App Proxy. Please update.

Azure Active Directory: Application Proxy

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice