Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Visceglia, Felice

My feedback

  1. 194 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Azure Active Directory » Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

    We are looking at enabling a feature that focuses on supporting CORS preflight requests between two applications. This works by allowing you to configure the response and have App Proxy handle it on behalf of the app.

    A pre-requisite for this feature to work is that the user must be able to authenticate into the second application in order to avoid a CORS issue from the login flow into the second app.
    To avoid this the user will have to make sure they have already accessed the 2nd application before the CORS request, and has valid credentials. This should work for wildcard apps and can also be achieved by adding a fake link / image to the 2nd application in the first application.

    We would love to get your feedback on this requirement and if this is something that will fit your use case.

    Visceglia, Felice supported this idea  · 
    An error occurred while saving the comment
    Visceglia, Felice commented  · 

    Echoing what many others have said, it is a bit silly to not have a solution for this, giving how common CORS request flows are. We, too, need to use AAD App Proxy for SharePoint on-prem. Our SharePoint site calls an internal API cross-origin. If we enable AAD Pre-Auth for the API, that introduces the CORS issues detailed here. If we switch to passthrough, in addition to the obvious security implications, we still have issues because that disables Azure SSO (e.g., the AAD App Proxy Connector will no longer act as a delegate for negotiate-kerberos auth). I do not think the solution outlined by MS response here is sufficient for these common use cases.

Feedback and Knowledge Base