CDN: Support Vary: Origin header.
The CDN ignores the Vary: Origin header, and thus the associated Access-Control-Allow-Origin is not emitted either. Even though the underlying blob store does return the correct Vary header, the CDN ignores this (basically breaking HTTP logic) and returns the same response to all users regardless of the origin (X-Cache: HIT) is then returned instead.
This is basically a flaw, a bug, and an oversight- but I'm not going to pay for Azure support to tell you this.
Without this functioning properly, the CDN cannot be used to host website resources (such as fonts) since these must all have Access-Control-Allow-Origin headers (a behavior ironically introduced by Microsoft with IE9, later adopted by Firefox, and soon to be adopted by Chrome).
Azure CDN by default ignores Vary header except when it is used with Vary: accept-encoding. This is done as the Vary header can easily cause serious cache bloat issues. Long term we are targeting feature to allow users to easily adjust this default behavior.
Mårten Wikström commented
It's great that you have long term plans to allow users to adjust Vary handling.
However, this request is specifically about supporting Vary: Origin.
Can you please consider supporting that (like you do with Vary: Accept-Encoding) so that we can use Azure Front Door with CORS and a set of allowed origins. It is impossible today!
This is really critical. We cannot use crossorigin attribute on scripts (for error tracking) because it is not supported in all browsers, and causes CORS issues without Vary later
Paul Turner commented
If you use Azure CDN Verizon Premium you can add Rules to support fonts, see https://azure.microsoft.com/en-us/documentation/articles/cdn-cors/
Any updates here?
Dan Lee commented
No update? This is urgent function to be implemented ASAP.
Dirk Sarodnick commented
seriously? 19 month and still nothing? you do understand, that this is not just a little bling-bling feature, right?
Is there no way to get around this for fonts?
When i try to use BLOB container URL images working fine but when using CDN URL getting error
XMLHttpRequest cannot load https://02.vo.msecnd.net/assets/img/icons/ic_clear_48px.svg. The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8080'; that is not equal to the supplied origin. Origin 'http://localhost:8081'; is therefore not allowed access.
Matt Woodward commented
I'm seeing issues in relation to this for accessing fonts stored on the CDN via css.
+3 as I see this as a pretty critical use case for mose CDN users.
Praneet Loke commented
Is there any progress on this? This is a major blocker for anyone wanting to use the CDN service.