Calling Azure Functions from JavaScript – The CORS configuration

You cannot call Azure Functions from JavaScript unless you configure the CORS settings for your Function Apps:

Azure Functions CORS Settings

Azure Functions CORS Settings

This is because Microsoft have by default enabled CORS and only allows only some azure domains to access the Function Apps:

Default CORS Settings

Default CORS Settings

So to enable access from your JavaScript you have to add your domain to the list of allowed origins.

If you wish to allow every domain to access your apps, you must remove all domains from the list and add a “*” to the list as the only entry:

Allow all

Allow all

However, this is widely regarded as a bad move, as all security is thrown out of the window. Azure Functions only security measurements are security tokens passed a parameters, and when calling the Azure Function from JavaScript, this token is exposed to the entire world. You should carefully consider the security implications before allowing every hacker access to your Azure Functions.

Happy coding!


About briancaos

Developer at Pentia A/S since 2003. Have developed Web Applications using Sitecore Since Sitecore 4.1.
This entry was posted in Microsoft Azure and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.