CORS Prelight Issue

问题

I am getting following error for a jQuery call to my azure app proxy

XMLHttpRequest cannot load https://azentsearchdev01-mytenant.msappproxy.net/search?text=mytext&type=json&callback=json_callback. Response for preflight is invalid (redirect)

This is what I am doing

1. From mytenantsite.sharepoint.com, making a call jQuery call to an Azure app on the folliwing url - https://azentsearchdev01-mytenant.msappproxy.net

2. As part of the call, I am setting an authorization header with authentication token (access token) from Azure AD

3. The jQuery call is fails with a 302 redirect to https://login.microsoftonline.com/

Here is my code

//authorization context
var resource = 'https://azentsearchdev01-mytenant.msappproxy.net/';
var endpoint = 'https://azentsearchdev01-mytenant.msappproxy.net/search?text=mytext&type=json&callback=json_callback';
			
var authContext = new AuthenticationContext({
        instance: 'https://login.microsoftonline.com/',
        tenant: 'mytenant.onmicrosoft.com',
        clientId: 'guid for client id',
        postLogoutRedirectUri: window.location.origin,
        cacheLocation: 'localStorage'
    });

//save tokens if this is a return from AAD
authContext.handleWindowCallback();

var user = authContext.getCachedUser();
if (user) {  //successfully logged in
    authContext.acquireToken("https://graph.windows.net", function (error, token) {
      if (error || !token) {
         jQuery("#loginMessage").text('ADAL Error Occurred: ' + error);
             return;
      }

      $.ajax({
        type: 'GET',
	    url: endpoint,
		headers: {
           Accept: 'application/json',
           },
	   beforeSend: function(xhr, settings) { 
			xhr.setRequestHeader('Authorization','Bearer ' + token); 
		   }
	       }).done(function (data) {
                jQuery("#loginMessage").text('success');
               }).fail(function (err) {
                jQuery("#loginMessage").text('Error calling endpoint: ' + err.statusText); **-->This is where the code lands**
               }); 

So far -

Based on what I have read, this is known gap in current state of how browsers handle a CORS preflight redirects. Reference link.

Question -

Are there any options to make a successful call to an app that requires cors preflight redirect?

回答1:

To overcome the CORS issue for the Azure AD app proxy, we can develop a proxy for the Azure AD App proxy.

And if anyone want to Azure AD app proxy to support CORS, you can vote it through this link.

来源：https://stackoverflow.com/questions/43955808/cors-prelight-issue