Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Linux based App Service caching cookies when CORS is enabled from Azure Portal #128
The implementation of the Authentication/Authorization and CORS features for Azure App Service on Linux make use of a reverse proxy in order to make modifications to incoming requests and outgoing responses. For cookies set by customer code without specified domains and not marked as Secure, the reverse proxy layer would cache the cookies, meaning that cookies set for one browser session could be seen across other browser sessions.
We are currently in the process of rolling out the fix. For customer's who don't want to wait, we have a work around of applying the fix manually. Simply set the app setting WEBSITE_CUSTOM_MIDDLEWARE_VERSION=1912022226. Note that if the VM does not already have this image installed, there may be an impact on cold start.
Our next update regarding the fix deployment status will be at 12/6/2019 11AM PST.