CORS issue when connecting to DevTunnel

[mb236]

I currently have a scenario where I'm running into an issue with CORS when I try to connect from one dev tunnel to another.
In my scenario I'm hosting an Angular application on devtunnel1.devtunnels.ms and my ASP.NET Core backend on devtunnel2.devtunnels.ms. I would like to communicate my Angular application (hosted on devtunnel1) to communicate with my backend hosted on devtunnel2.

Since the HTTP requests are performed by the browser, CORS is checked an I'm receiving an error of the following kind:

Access to XMLHttpRequest at 'https://devtunnel1.devtunnels.ms' from origin 'https://devtunnel2.devtunnels.ms' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I should mention that the request itself is routed successfully to my backend on devtunnel2, since the response code is a 200 and I also see the request coming through. The response is blocked from the browser due to the mentioned CORS error.

Did I configure something wrong or is this scenario not supported yet?

[Plevi1337]

Were you able to solve this somehow? I'm running into the same issue.

[klvnraju]

Did you add access-control-allow-origin header for your server?

I am trying to repro this issue with this sample code and things seems to be working as expected.

Below is the nodejs server code which adds CORS header. (Update the origin to the client tunnel address and make sure this is anonymous tunnel)

const express = require('express');
const cors = require('cors');
const app = express();

const ingredients = [
    {
        "id": "1",
        "item": "Bacon"
    }
];

// Update this with client tunnel url. Change it to '*' if you want to allow all
app.use(cors({
    origin: 'https://qjrvmwhh-5070.usw2.devtunnels.ms'
}));

app.get('/ingredients', (req, res) =>{
    res.send(ingredients);
});
app.listen(6069);

And below is a simple client index.html to call this api. (Update the server tunnel url)

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Home</title>
        <script type="text/javascript">
            fetch("https://qp1bckqj-6069.usw2.devtunnels.ms/ingredients").then(req => req.text()).then(console.log)
        </script>
    </head>
    <body>
        <div class="container">
            <h1>Home</h1>
        </div>
    </body>
</html>

And note the access-control-allow-origin header that server responds with.

[mb236]

Hi @klvnraju,
I double checked and it seems that was really an issue with the CORS settings on my ASP.NET Core service.

In my case I tried to use wildcard subdomains (e.g. "https://*.devtunnels.ms") and there are two things that I was missing:

• You need to explicitly call SetIsOriginAllowedToAllowWildcardSubdomains() to allow for the use of wildcard subdomains
• At the time of writing wildcard subdomains cannot contain a wildcard port. So a wildcard like this: https://*.devtunnels.ms:* (to allow for a random port) will resume in an error. In my case I just provided the port that I wanted to the wildcard e.g. https://*.devtunnels.ms:4200 and than it started working.

This issue can be closed from my end as it is not an issue related to Dev Tunnels. It just something to keep in mind while one is setting up CORS configuration 😄

[klvnraju]

Glad to hear that. Closing the issue.