
How to Configure CORS for Azure Blob Storage

To configure CORS for Azure Blob Storage, define allowed origins, methods, headers, and max age in the storage account's CORS settings. You can do this using the Azure Portal, Azure CLI, or Azure PowerShell by specifying these rules on the Blob service.

Syntax

The CORS configuration for Azure Blob Storage consists of a list of rules. Each rule includes:

  • AllowedOrigins: Origins (for example https://example.com) allowed to access the storage.
  • AllowedMethods: HTTP methods permitted (GET, PUT, POST, etc.).
  • AllowedHeaders: Headers allowed in the request.
  • ExposedHeaders: Headers exposed in the response.
  • MaxAgeInSeconds: How long the browser caches the preflight response.
bash
az storage cors add --methods <methods> --origins <origins> --allowed-headers <headers> --exposed-headers <headers> --max-age <seconds> --services b --account-name <storage-account>

Example

This example shows how to allow cross-origin GET and PUT requests from https://example.com with specific headers and a cache duration of 3600 seconds.

bash
az storage cors add \
  --methods GET PUT \
  --origins https://example.com \
  --allowed-headers 'x-ms-meta-data*,x-ms-meta-target*,x-ms-meta-abc' \
  --exposed-headers 'x-ms-meta-abc,x-ms-meta-data*' \
  --max-age 3600 \
  --services b \
  --account-name mystorageaccount
Output
CORS rule added successfully.

Common Pitfalls

Common mistakes when configuring CORS for Blob Storage include:

  • Not specifying the correct --services flag (must be b for Blob service).
  • Using the wildcard * in AllowedOrigins, which is not supported for requests that carry credentials.
  • Forgetting to include all necessary HTTP methods.
  • Not setting AllowedHeaders and ExposedHeaders properly, causing requests to fail.

Always verify your CORS rules after setting them.

bash
# Wrong: using '*' for origins with credentials
# ('*' is quoted so the shell passes it through instead of expanding it to file names)
az storage cors add --methods GET POST --origins '*' --allowed-headers '*' --exposed-headers '*' --max-age 3600 --services b --account-name mystorageaccount

# Correct: name the exact origin
az storage cors add --methods GET POST --origins https://example.com --allowed-headers '*' --exposed-headers '*' --max-age 3600 --services b --account-name mystorageaccount

Quick Reference

Summary tips for configuring CORS on Azure Blob Storage:

  • Use --services b to target Blob service.
  • Specify exact origins instead of * for security.
  • Include all HTTP methods your app needs.
  • Set AllowedHeaders and ExposedHeaders carefully.
  • Use az storage cors list to review current rules.
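
To make the verification step concrete, this Python sketch (an added example, not part of the original article or of the Azure CLI) audits CORS rules parsed from the JSON of az storage cors list against the pitfalls listed above: wildcard origins, unexpected origins and missing methods. The field names (Service, AllowedOrigins, AllowedMethods) and the service value blob are assumptions modelled on the rule fields named on this page, and the sample data is constructed.

```python
import json

def _items(value):
    # Multi-valued fields may arrive as a JSON list or a comma-separated string.
    if isinstance(value, str):
        value = value.split(",")
    return [v.strip() for v in (value or []) if v.strip()]

def audit_blob_cors(rules, expected_origins, required_methods):
    """Return sorted findings for Blob service CORS rules."""
    required = {m.upper() for m in required_methods}
    covered = {origin: set() for origin in expected_origins}
    findings = set()
    for rule in rules:
        if rule.get("Service") != "blob":
            continue  # rule was set on another service, not with --services b
        methods = {m.upper() for m in _items(rule.get("AllowedMethods"))}
        for origin in _items(rule.get("AllowedOrigins")):
            if origin == "*":
                # Reported, and deliberately not counted as covering an origin.
                findings.add("wildcard origin allows any site: " + "/".join(sorted(methods)))
            elif origin in covered:
                covered[origin] |= methods
            else:
                findings.add("unexpected origin: " + origin)
    for origin, methods in covered.items():
        missing = required - methods
        if missing:
            findings.add(origin + " missing methods: " + ", ".join(sorted(missing)))
    return sorted(findings)

# Constructed sample, not real output; field names are assumed (see lead-in).
SAMPLE = json.loads("""
[
  {"Service": "blob", "AllowedOrigins": "https://example.com",
   "AllowedMethods": "GET", "AllowedHeaders": "x-ms-meta-abc",
   "ExposedHeaders": "x-ms-meta-abc", "MaxAgeInSeconds": 3600},
  {"Service": "blob", "AllowedOrigins": "*", "AllowedMethods": "GET, POST",
   "AllowedHeaders": "*", "ExposedHeaders": "*", "MaxAgeInSeconds": 3600},
  {"Service": "file", "AllowedOrigins": "*", "AllowedMethods": "GET",
   "AllowedHeaders": "*", "ExposedHeaders": "*", "MaxAgeInSeconds": 3600}
]
""")

if __name__ == "__main__":
    for finding in audit_blob_cors(SAMPLE, ["https://example.com"], ["GET", "PUT"]):
        print(finding)
```

An empty result means every expected origin has all required methods and no Blob rule uses a wildcard or an unlisted origin.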

Key Takeaways

  • Configure CORS rules on the Blob service of your storage account using Azure CLI or Portal.
  • Always specify allowed origins explicitly; avoid using '*' when credentials are involved.
  • Include all required HTTP methods and headers in your CORS configuration.
  • Use the Azure CLI command 'az storage cors add' with '--services b' to set rules for Blob Storage.
  • Verify your CORS settings with 'az storage cors list' to ensure correct behavior.