Rewrite Access Control Allow Origin for Azure CDN Request with URL Rewrite Module


I have a situation where example.com has multiple subdomains using the same CSS file, which in turn are using the same font file embedded in it. The webfont keeps getting cross-domain CORS errors in the "New Way" below. The "Old Way" worked fine, as the CDN sets the Origin if * is found from the original request for the CDN request on the second try.

I want to not do this because it allows anyone to use these files. What I do want to do is only write the * if my CDN is requesting, which contains the header X-MS-CacheID; however, it doesn't seem to be working. It's causing CORS issues, like it's not being hit.

Any clue if my format is right?

Old Way

<outboundRules>
  <rule name="Set Access-Control-Allow-Origin header">
    <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" />
    <action type="Rewrite" value="*" />
  </rule>
</outboundRules>

New Way

<outboundRules>
  <rule name="Set Access-Control-Allow-Origin header">
    <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" />
    <action type="Rewrite" value="*" />
    <conditions>
      <add input="HTTP_x_ms_cacheid" pattern=".*" />
    </conditions>
  </rule>
</outboundRules>

Logged Request

GET https://example.com/home/test?r=777
Connection: Keep-Alive
Accept-Encoding: gzip, br
Cookie: _hp2_id.2757902115=%7B%22userId%22%3Anull%2C%22pageviewId%22%3A%225689423556149444%22%2C%22sessionId%22%3A%221868667023650329%22%2C%22identity%22%3A%2210afdd1785cda40fd3369b7ac259331261f1183c%22%2C%22trackerVersion%22%3A%223.0%22%7D; _ga=GA1.2.937945742.1498499252; __zlcmid=hDgYBKLfkviazc; ajs_anonymous_id=%229aa463a1-0b5b-4813-8743-63927a622489%22; ajs_user_id=%2216754861248%22; ajs_group_id=1336088; rxVisitor=15214949470675C4GAOAP6N7F4G5KA91BTI1MPDG4LLKS; __qca=P0-1799053232-1532395382422; __zlcprivacy=1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
upgrade-insecure-requests: 1
X-MS-Ref: 0eEk5XAAAAAAZD5NP0YhTRbA/Fq601jLiQVRBRURHRTEyMTEAOWY2OTZmMDMtODg4My00MzYxLWIwODQtNDc3YzIzYjA3Mjcy, 0eEk5XAAAAACPv5BjdqqhSJV3bz5bv3RMQkwyRURHRTAzMTkAOWY2OTZmMDMtODg4My00MzYxLWIwODQtNDc3YzIzYjA3Mjcy
X-MS-CacheID: 591DC589-C82D-4290-BB1C-0323968866CC, 6696BBA5-FA1D-4A4B-B73C-C55E067D588F

Solution

  • Well, I guess my request to CSS and font files didn't have the X-MS-CacheID, but had the X-MS-Ref one.

    <rule name="Set CDN Access-Control-Allow-Origin header" stopProcessing="true">
      <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
        <!-- Braces make the input the X-MS-Ref request header; a bare name is a
             literal string, and ".*" also matches an empty value, so the
             condition would be true for every request. -->
        <add input="{HTTP_X_MS_REF}" pattern=".+" />
      </conditions>
      <action type="Rewrite" value="*" />
    </rule>
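
The question's stated goal is to avoid letting anyone use the files, and a `*` that the CDN caches is served to every site that asks for them. The rule below is an added example, not part of the original question or answer: it echoes the request's `Origin` header back only when it is example.com or one of its subdomains over HTTPS. The origin pattern and rule name are assumptions, and the example assumes the CDN forwards the `Origin` request header to the origin server.

```xml
<outboundRules>
  <!--
    Weak form (the "Old Way"): every response carries "*", so any site
    can load the font cross-origin.

    <rule name="Set Access-Control-Allow-Origin header">
      <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" />
      <action type="Rewrite" value="*" />
    </rule>
  -->

  <!-- Restricted form: set the header only for an allowed Origin. -->
  <rule name="Allow CORS for example.com subdomains">
    <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".*" />
    <conditions>
      <!-- {HTTP_ORIGIN} (in braces) is the Origin request header.
           The anchors ^ and $ stop look-alike hosts such as
           https://example.com.attacker.test from matching.
           Assumption: all legitimate callers are HTTPS subdomains
           of example.com. -->
      <add input="{HTTP_ORIGIN}"
           pattern="^https://([a-z0-9-]+\.)*example\.com$" />
    </conditions>
    <!-- {C:0} is the whole string matched by the condition above,
         i.e. the validated Origin value. -->
    <action type="Rewrite" value="{C:0}" />
  </rule>
</outboundRules>
```

Because the response now differs per `Origin`, any cache in front of the server has to key on that header (for example via `Vary: Origin`); otherwise one subdomain's cached response is served to another and the browser rejects it.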