Correctly handle CORS with Range header
When browser sends a Range request to CDN, CDN downloads the entire file from origin, then serve the appropriate range to the browser. However, when serving the content range, it does not send the CORS header that is present in the origin, thus breaking cross origin requests.

Which SKU of Azure CDN are you using – Azure CDN from Verizon or Azure CDN from Akamai. See the following documentation for working with CORS and Azure CDN – https://docs.microsoft.com/en-us/azure/cdn/cdn-cors. If CORS isn’t working after following this documentation please provide us a repro or open up a support ticket so that we can investigate further.
1 comment
-
Li Huan Jeow commented
Below is LINQPad code for 2 requests. First request goes to blob storage. You can see that the blob is correctly configured for CORS, giving the output as "https://coursepad.com"
The 2nd request goes to CDN from Verizon, accessing the same file. Accessing the CORS response header results in InvalidOperationException.
For requests without Range header, the CDN works correctly with CORS. However, having the Range header causes CDN not to send CORS header for all subsequent requests (be it with or without Range header).
var client = new System.Net.Http.HttpClient();
var requestBlob = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://portalvhdsnrnbpx7x1mzv8.blob.core.windows.net/content/c18eb462eff84ab4946647056804cc42/1_0_dashinit.mp4" );
requestBlob.Headers.Add("Origin", "https://coursepad.com");
requestBlob.Headers.Add("Range", "bytes=918-919");
requestBlob.Headers.Host = "portalvhdsnrnbpx7x1mzv8.blob.core.windows.net";
var responseBlob = await client.SendAsync(requestBlob);
responseBlob.Headers.GetValues("Access-Control-Allow-Origin").Dump();var request = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://az647590.vo.msecnd.net/content/c18eb462eff84ab4946647056804cc42/1_0_dashinit.mp4" );
request.Headers.Add("Origin", "https://coursepad.com");
request.Headers.Add("Range", " bytes=918-919");
request.Headers.Host = "az647590.vo.msecnd.net";
var response = await client.SendAsync(request);
response.Headers.GetValues("Access-Control-Allow-Origin").Dump();