CORS

If your api will be consumed by a web browser you have to add cors policies to your api.

"allowedOrigins": {
    "value": [  
        "https://the.webb.app.url/",
        "https://another.webb.app.url/"      
    ]
}

Allow all origins

"allowedOrigins": {
    "value": [  
        "*"    
    ]
}

Policy

<policies>
    <inbound>
        <cors allow-credentials="false">
            <allowed-origins>
                {allowed-origins}
            </allowed-origins>
            <allowed-methods preflight-result-max-age="300">
                <method>*</method>
            </allowed-methods>
            <allowed-headers>
                <header>*</header>
            </allowed-headers>
            <expose-headers>
                <header>*</header>
            </expose-headers>
        </cors>


        ...

</policies>