Terraform-provider-azurerm: CORS settings for function app

Created on 9 Jun 2018  ·  12Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When I deploy FunctionApp with CORS settings, I have no way to config that. If no one is trying this, I'd happy to contribute this.

New or Affected Resource(s)

  • azurerm_function_app

Potential Terraform Configuration

resource "azurerm_function_app" "test" {
  name                      = "test-azure-functions"
  location                  = "${azurerm_resource_group.test.location}"
  resource_group_name       = "${azurerm_resource_group.test.name}"
  app_service_plan_id       = "${azurerm_app_service_plan.test.id}"
  storage_connection_string = "${azurerm_storage_account.test.primary_connection_string}"
  cors_settings = ["http://localhost:8080", "http://aaa.bbbb.com"]
}

References

--->

  • #0000
enhancement servicfunctions
Source
picture TsuyoshiUshio
👍21

Most helpful comment

FYI, I added this support in #3666. To follow the same convention of that of app_service, the schema will look as follows:

resource "azurerm_function_app" "test" {
  name                      = "sample-function-cors"
  location                  = "${azurerm_resource_group.test.location}"
  resource_group_name       = "${azurerm_resource_group.test.name}"
  app_service_plan_id       = "${azurerm_app_service_plan.test.id}"
  storage_connection_string = "${azurerm_storage_account.test.primary_connection_string}"

  site_config {
    cors {
      allowed_origins = [
        "http://www.contoso.com",
        "www.contoso.com",
        "contoso.com"
      ]
      support_credentials = true
    }
  }
}
picture stack72 on 14 Jun 2019
👍4 🎉2

All 12 comments

Hi @TsuyoshiUshio,

Currently as far as I know no one is working on this.

katbyte picture katbyte on 11 Jun 2018

FWIW: here is our current (workaround) azurerm_template_deployment for CORS

resource "azurerm_template_deployment" "cors" {
  name                = "arm_cors"
  resource_group_name = "${azurerm_function_app.test_fn_app.resource_group_name}"
  deployment_mode     = "Incremental"

  template_body = <<DEPLOY
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "functionAppName": {
      "type": "string"
    }
  },
  "variables": {},
  "resources": [
    {
      "comments": "CORS allow origins *.",
      "type": "Microsoft.Web/sites/config",
      "name": "[concat(parameters('functionAppName'), '/web')]",
      "apiVersion": "2016-08-01",
      "properties": {
        "cors": {
          "allowedOrigins": [
            "*"
          ]
        }
      },
      "dependsOn": []
    }
  ]
}
DEPLOY

  parameters {
    "functionAppName" = "${azurerm_function_app.test_fn_app.name}"
  }

  depends_on = [
    "azurerm_function_app.test_fn_app",
  ]
}
kevinneufeld picture kevinneufeld on 24 Jul 2018

@kevinneufeld
Thanks for sharing. :) It is helpful.

TsuyoshiUshio picture TsuyoshiUshio on 24 Jul 2018

CORS has been implemented for App Service in provider v.1.24. Is there any blockers implement this for azurerm_function_app as well?

egorchabala picture egorchabala on 5 Apr 2019
👍2

Is there any new status on this? Given that functions are often implemented as service oriented API controllers, CORS is important for web browser security policies.

daveobike picture daveobike on 4 Jun 2019

FYI, I added this support in #3666. To follow the same convention of that of app_service, the schema will look as follows:

resource "azurerm_function_app" "test" {
  name                      = "sample-function-cors"
  location                  = "${azurerm_resource_group.test.location}"
  resource_group_name       = "${azurerm_resource_group.test.name}"
  app_service_plan_id       = "${azurerm_app_service_plan.test.id}"
  storage_connection_string = "${azurerm_storage_account.test.primary_connection_string}"

  site_config {
    cors {
      allowed_origins = [
        "http://www.contoso.com",
        "www.contoso.com",
        "contoso.com"
      ]
      support_credentials = true
    }
  }
}
stack72 picture stack72 on 14 Jun 2019
👍4 🎉2

As workaround I created a module to wrap a az command in resources: https://registry.terraform.io/modules/StefanSchoof/function-cors/azurerm

StefanSchoof picture StefanSchoof on 30 Jul 2019

I think this is done in #3949 and released with 1.33.0.

StefanSchoof picture StefanSchoof on 22 Aug 2019

@katbyte or @tombuildsstuff: I thing this is done and can be closed.

StefanSchoof picture StefanSchoof on 4 Oct 2019
👍1

Closing @StefanSchoof's request - thanks for the ping :)

tombuildsstuff picture tombuildsstuff on 4 Oct 2019

Seems there is an issue with this causing it to fail if you specify support_credentials see: https://github.com/terraform-providers/terraform-provider-azurerm/issues/3188#issuecomment-499483190

sonic1981 picture sonic1981 on 31 Dec 2019

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 31 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mooperd picture mooperd  ·  48Comments
hashibot picture hashibot  ·  48Comments
tombuildsstuff picture tombuildsstuff  ·  89Comments
TPPWC picture TPPWC  ·  55Comments
hashibot picture hashibot  ·  28Comments