Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Olaf

← Customer Feedback for ACE Community Tooling

My feedback

  1. CORS for App Proxy

    194 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    22 comments  ·  Azure Active Directory » Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    need-feedback  ·  AdminAzure AD Team (Product Owner, Microsoft Azure) responded

    We are looking at enabling a feature that focuses on supporting CORS preflight requests between two applications. This works by allowing you to configure the response and have App Proxy handle it on behalf of the app.

    A pre-requisite for this feature to work is that the user must be able to authenticate into the second application in order to avoid a CORS issue from the login flow into the second app.
    To avoid this the user will have to make sure they have already accessed the 2nd application before the CORS request, and has valid credentials. This should work for wildcard apps and can also be achieved by adding a fake link / image to the 2nd application in the first application.

    We would love to get your feedback on this requirement and if this is something that will fit your use case.

    An error occurred while saving the comment
    Olaf commented  · 

    > We would love to get your feedback on this requirement
    For our use case it sounds promising. The only thing to mention is that it´s not sufficient to load an image from the 2nd application to trigger SSO to there. You need an iframe loading a (dummy) webpage from the 2nd app.

    An error occurred while saving the comment
    Olaf commented  · 

    We want to add/remove Sharepoint site followings via JavaScript / XMLHttpRequest by calling the REST interface (/_api/social.following/follow). Unfortunately, this is a POST request which triggers a CORS preflight. The CORS OPTIONS request will be blocked by the App Proxy, and the whole thing fails (on prem it works fine).

    Olaf supported this idea  · 

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice