We are looking at enabling a feature that focuses on supporting CORS preflight requests between two applications. This works by allowing you to configure the response and have App Proxy handle it on behalf of the app.
A pre-requisite for this feature to work is that the user must be able to authenticate into the second application in order to avoid a CORS issue from the login flow into the second app.
To avoid this the user will have to make sure they have already accessed the 2nd application before the CORS request, and has valid credentials. This should work for wildcard apps and can also be achieved by adding a fake link / image to the 2nd application in the first application.
We would love to get your feedback on this requirement and if this is something that will fit your use case.Visceglia, Felice supported this idea ·
An error occurred while saving the commentVisceglia, Felice commented
Echoing what many others have said, it is a bit silly to not have a solution for this, giving how common CORS request flows are. We, too, need to use AAD App Proxy for SharePoint on-prem. Our SharePoint site calls an internal API cross-origin. If we enable AAD Pre-Auth for the API, that introduces the CORS issues detailed here. If we switch to passthrough, in addition to the obvious security implications, we still have issues because that disables Azure SSO (e.g., the AAD App Proxy Connector will no longer act as a delegate for negotiate-kerberos auth). I do not think the solution outlined by MS response here is sufficient for these common use cases.