Cross-origin resource sharing (CORS) policy
The cors policy adds cross-origin resource sharing (CORS) support to an operation or an API to allow cross-domain calls from browser-based clients.
We have already configured the CORS policy for our APIs in labs 2 & 3. Below is the resulting XML:
<policies>
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://apim-sk-12212021.developer.azure-api.net</origin>
<origin>https://colors-web.azurewebsites.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
</inbound>
<backend>
<forward-request />
</backend>
<outbound />
<on-error />
</policies>