{ "id": "cloud/azure-function-app-cors-origin-not-allowed", "signature": "Access to fetch at 'https://myfuncapp.azurewebsites.net/api/endpoint' from origin 'https://myapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.", "signature_zh": "从源 'https://myapp.com' 获取 'https://myfuncapp.azurewebsites.net/api/endpoint' 的访问已被 CORS 策略阻止:请求的资源上不存在 'Access-Control-Allow-Origin' 标头。", "regex": "Access to fetch at 'https://[a-z]+\\.azurewebsites\\.net/api/.*' from origin 'https://[a-z]+\\.com' has been blocked by CORS policy", "domain": "cloud", "category": "config_error", "subcategory": null, "root_cause": "Azure Function App's CORS configuration does not include the requesting origin, or the function app uses an API Management layer that strips CORS headers.", "root_cause_type": "generic", "root_cause_zh": "Azure Function App 的 CORS 配置未包含请求源,或者函数应用使用了会剥离 CORS 标头的 API 管理层。", "versions": [ { "version": "Azure Functions Runtime 4.x", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Azure API Management 2022-09-01-preview", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "Azure Functions' built-in CORS middleware may override custom headers if both are present.", "fail_rate": 0.65, "condition": "", "sources": [] }, { "action": "", "why_fails": "Browsers send a preflight OPTIONS request; if the function does not handle it, the actual request is blocked.", "fail_rate": 0.75, "condition": "", "sources": [] } ], "workarounds": [ { "action": "In the Azure Portal, go to the Function App -> CORS -> add the allowed origin (e.g., https://myapp.com) in the allowed origins list. Ensure 'Enable Access-Control-Allow-Credentials' is unchecked if using wildcards.", "success_rate": 0.9, "how": "In the Azure Portal, go to the Function App -> CORS -> add the allowed origin (e.g., https://myapp.com) in the allowed origins list. Ensure 'Enable Access-Control-Allow-Credentials' is unchecked if using wildcards.", "condition": "", "sources": [] }, { "action": "If using Azure API Management, configure CORS policy at the API level: add a policy with element containing the origin URL.", "success_rate": 0.85, "how": "If using Azure API Management, configure CORS policy at the API level: add a policy with element containing the origin URL.", "condition": "", "sources": [] }, { "action": "Example code for manual CORS handling in a Python function: response = func.HttpResponse(body=..., status_code=200, headers={'Access-Control-Allow-Origin': 'https://myapp.com'})", "success_rate": 0.75, "how": "Example code for manual CORS handling in a Python function: response = func.HttpResponse(body=..., status_code=200, headers={'Access-Control-Allow-Origin': 'https://myapp.com'})", "condition": "", "sources": [] } ], "workarounds_zh": [ "在 Azure 门户中,转到 Function App -> CORS -> 在允许的来源列表中添加允许的来源(例如 https://myapp.com)。如果使用通配符,请确保取消选中 '启用 Access-Control-Allow-Credentials'。", "如果使用 Azure API 管理,请在 API 级别配置 CORS 策略:添加 策略,其中包含 元素和来源 URL。", "Python 函数中手动处理 CORS 的示例代码:response = func.HttpResponse(body=..., status_code=200, headers={'Access-Control-Allow-Origin': 'https://myapp.com'})" ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings#cors", "official_doc_section": null, "error_code": null, "verification_tier": "ai_generated", "confidence": 0.82, "fix_success_rate": 0.85, "resolvable": "true", "first_seen": "2023-03-10", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }