Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Networking?

← Networking

Correctly handle CORS with Range header

When browser sends a Range request to CDN, CDN downloads the entire file from origin, then serve the appropriate range to the browser. However, when serving the content range, it does not send the CORS header that is present in the origin, thus breaking cross origin requests.

6 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Li Huan Jeow shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
under review  ·  Anton Kucer [MSFT] responded  · 

Which SKU of Azure CDN are you using – Azure CDN from Verizon or Azure CDN from Akamai. See the following documentation for working with CORS and Azure CDNhttps://docs.microsoft.com/en-us/azure/cdn/cdn-cors. If CORS isn’t working after following this documentation please provide us a repro or open up a support ticket so that we can investigate further.

1 comment

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Li Huan Jeow commented  ·   ·  Flag as inappropriate

    Below is LINQPad code for 2 requests. First request goes to blob storage. You can see that the blob is correctly configured for CORS, giving the output as "https://coursepad.com"

    The 2nd request goes to CDN from Verizon, accessing the same file. Accessing the CORS response header results in InvalidOperationException.

    For requests without Range header, the CDN works correctly with CORS. However, having the Range header causes CDN not to send CORS header for all subsequent requests (be it with or without Range header).

    var client = new System.Net.Http.HttpClient();
    var requestBlob = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://portalvhdsnrnbpx7x1mzv8.blob.core.windows.net/content/c18eb462eff84ab4946647056804cc42/1_0_dashinit.mp4" );
    requestBlob.Headers.Add("Origin", "https://coursepad.com");
    requestBlob.Headers.Add("Range", "bytes=918-919");
    requestBlob.Headers.Host = "portalvhdsnrnbpx7x1mzv8.blob.core.windows.net";
    var responseBlob = await client.SendAsync(requestBlob);
    responseBlob.Headers.GetValues("Access-Control-Allow-Origin").Dump();

    var request = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://az647590.vo.msecnd.net/content/c18eb462eff84ab4946647056804cc42/1_0_dashinit.mp4" );
    request.Headers.Add("Origin", "https://coursepad.com");
    request.Headers.Add("Range", " bytes=918-919");
    request.Headers.Host = "az647590.vo.msecnd.net";
    var response = await client.SendAsync(request);
    response.Headers.GetValues("Access-Control-Allow-Origin").Dump();

Networking: Content Delivery Network

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice