Cross Origin Resource Sharing (CORS) – Part 1

Santosh Gaikwad

Santosh Gaikwad

Connect on LinkedIn      Follow SCI Page

Write to
Santosh Gaikwad

Latest posts by Santosh Gaikwad (see all)

>> Part 2

Many times you would have a requirement of Making AJAX calls using JavaScript to APIs or resources from another website (different domain than your origin), try doing it and it fails.

Why does JavaScript call to another domain fail?

Generally all the browsers impose same-origin policy security restrictions. The same-origin policy means that your JavaScript can only make AJAX calls back to the same origin of the containing web page.

E.g. JavaScript written on cannot make AJAX calls to APIs on

So what is the way out to make call to resources from another domain and consume the output?

Answer to above question is Cross-origin resource sharing (CORS).

What is Cross Origin Resource Sharing (CORS)?

CORS is a World Wide Web Consortium (W3C) specification that lets JavaScript overcome the same-origin policy by browsers. CORS relaxes this restriction by letting servers indicate which origins are allowed to call them. CORS is enforced by browsers but must be implemented on the server. You can configure policy to allow JavaScript clients from a different origin to access your APIs.

CORS is not an authentication mechanism. Any request made against APIs or any resources when CORS is enabled must either have a proper authentication signature, or must be made against a public resource.

 CORS Support in Azure Storage Services

Azure Storage blobs, tables, and queues all support CORS to allow for access to the Storage API from the browser. By default, CORS is disabled, but you can explicitly enable it for a specific storage service within your storage account.

The general mechanics of CORS are such that when JavaScript is attempting to make a cross-origin AJAX call the browser will “ask” the server if this is allowed by sending headers in the HTTP request (for example, Origin). The server indicates what’s allowed by returning HTTP headers in the response (for example, Access-Control-Allow-Origin). This permission check is done for each distinct URL the client invokes, which means different URLs can have different permissions.

How to Enable Azure Storage Services for CORS?

You can set CORS rules individually for each of the storage services, by calling Set Blob Service Properties, Set File Service Properties, Set Queue Service Properties, and Set Table Service Properties. Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.

There are multiple ways to set the CORS rules for BLOB storage

1. From Azure Portal

2. Using source code

3. Using Tools

>> Part 2

Check Articles From Categories      Health and Parenting      Inspiring Stories      Technology      Microsoft Azure      SharePoint O365

Leave a Reply

Your email address will not be published. Required fields are marked *