8

I am trying azure function (nodejs) with google authentication from a client side javascript app. I have set up CORS for the correct URL(i.e. http://localhost:8080). But I am still getting the following error:

Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://localhost:8080' is therefore not allowed access.

I have tried everywhere on the internet and spent few days to get the answers myself. It seems Azure http response needs to add this Access-Control-Allow-Credentials:true in the header. Is there a way to add custom headers?

Any help will be greatly appreciated.

Improve this question
2
  • Are you using nodejs ? Commented Aug 29, 2016 at 21:33
  • @Thomas, yes nodejs at server side and javascript fetch at client side. Commented Aug 30, 2016 at 3:22

2 Answers 2

Reset to default
12

In a Node function you can specify additional headers as follows:

module.exports = function (context, req) {
    context.res = {
        status: 200,
        body: "Hello " + req.query.name,
        headers: {
            'Content-Type': 'text/plain',
            'MyCustomHeader': 'Testing'
        }
    };
    context.done();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

It may not help in this case, I think this error is a preflight http OPTIONS, which means your function would not be called.
Yes, I am getting this error in preflight, so my function does not get chance. It was handled by azure infrastructure. Please help me guys, i am real stuck.
@SofaGum, how did you configure CORS ? From the azure portal ?
this should be top !!
2

I have finally managed to get around the issue. The trick is to remove all the CORS entries from Azure Functions app and handle it directly in your code.

Thanks to the tip shared in another stackoverflow issue regarding azure app service, which worked for azure functions as well.

More details regarding the work around are at:

github issue #620

Improve this answer

1 Comment

I'm not seeing the desired behavior. When I delete all CORS entries in the App Settings, I can successfully set the "Access-Control-Allow-Credentials" header to "true" in my Azure Functions code. However, in this situation the "Access-Control-Allow-Origin" header is cleared. If I instead use the CORS setting in the App Settings, I can have Access-Control-Allow-Origin set properly, but Access-Control-Allow-Credentials is cleared.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.