Azure Machine Learning - CORS

Question

I've searched for hours for this and can't find a single thing that answers the question. I've created and published a new Azure Machine Learning service, and have created an endpoint. I can call the service using the Postman REST CLient, but accessing it via a JavaScript webpage returns a console log saying that CORS is enabled for the service. Now, for the life of me, I can't figure out how to disable CORS for Azure Machine Learning services. Any help would be much appreciated, thanks!

Answer 1

Just an excerpt from the Azure ML Book (one may find it useful):

This CORS restriction really means that if you wish to fully exploit Azure Machine Learning web services for deployment, testing, and production for a wide variety of (web) clients, you will need to host your own server-side applications. You basically have two choices.

1. Host a web application, such as an ASP.NET webpage, and invoke the Azure Machine Learning web service server-side to conform to the current Azure Machine Learning CORS restrictions.
2. Host your own web service that does provide CORS support and can in turn invoke the Azure Machine Learning web service on behalf of a wide variety of web and mobile clients via modern protocols and data formats like REST and JSON.

Answer 2

Currently, we don't support disabling CORS on API side but you can either use the above option or you can use the API management service to disable CORS. The links below should help you with this

Here are the links: step by step guide, also this video on setting headers, and this doc on policies.

API Management service allow CORS by enabling it in the API configuration page

Answer 3

You have to start your browser with --disable-web-security ( Chrome that is ). Here's some jQuery that allowed me to call the service AFTER re-starting my browser with --disable-web-security:

$(document).ready(function () {
    var ajaxData = "-- the request body ";
    var serviceUrl = "https://ussouthcentral.services.azureml.net/workspaces/00e36959fc3e4673a32eae9f9b184346/--whatever";

    $.ajax({
        type: "POST",
        url: serviceUrl,
        data: ajaxData,
        headers: {
            "Authorization": "Bearer --API KEY HERE--",
            "Content-Type": "application/json;charset=utf-8"
        }
    }).done(function (data) {
        console.log(data);
    });
});

That returned the data. NOTE: Be sure you see that warning in Chrome. I didn't at fist, because some Chrome processes were still running in the background. After killing those, restarting with that flag, seeing the message, it worked. ( Chrome v40.something )

See: https://stackoverflow.com/a/6083677/896697