[英]CORS Configuration for Azure AD B2C Page UI Customization
I'm using a custom page UI template for my Azure AD B2C sign in/sign up and I want to know what domain I need to use in CORS
configuration in my Azure Blob Storage account. 我正在为Azure AD B2C登录/注册使用自定义页面UI模板,我想知道我需要在Azure Blob存储帐户的CORS
配置中使用哪个域。
Login page seems to come from https://login.microsoftonline.com
. 登录页面似乎来自https://login.microsoftonline.com
。 Is that the correct origin? 那是正确的起源吗?
When I use the StorageClient
command line tool Microsoft created for uploading my custom UI files to my Azure Blob Storage, I've noticed that it sets it to *
for Allowed Origins
which the documentation indicates as well. 当我使用Microsoft创建的StorageClient
命令行工具将我的自定义UI文件上传到我的Azure Blob存储时,我注意到该文件也将其设置为*
Allowed Origins
。 Here's the documentation: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-ui-customization-custom-dynamic#step-3-configure-cors-in-azure-app-service 这是文档: https : //docs.microsoft.com/zh-cn/azure/active-directory-b2c/active-directory-b2c-ui-customization-custom-dynamic#step-3-configure-cors-in- Azure应用服务
I don't think this is really secure and I want to limit it to only those domains that are absolutely necessary. 我认为这不是真的安全,我想将其限制为仅那些绝对必要的域。
I want to do this for two reasons, both of which are pretty important: 我要这样做有两个原因,这两个原因都很重要:
CORS
is set at service level on Azure Blob Storage and not container level. 更重要的是, CORS
是在Azure Blob存储的服务级别而不是容器级别设置的。 I have other containers under the same storage account that contain user files. 我在同一存储帐户下还有其他包含用户文件的容器。 Those files should only be accessible from my app which creates a SAS to allow access to them. 只能从我的应用程序访问这些文件,该应用程序创建了SAS以允许对其进行访问。 If I set the Allowed Origins
for CORS
to any, it will make my app less secure even though the protected files will still require a SAS. 如果我将CORS
的“ Allowed Origins
设置为任何值,即使受保护的文件仍需要SAS,也会使我的应用程序安全性降低。 As I said before, I want to keep security as tight as possible. 正如我之前所说,我想保持尽可能严格的安全性。 So, the question is: what URL should I enter under Allowed Origins
in my CORS
configuration for Azure AD B2C? 因此,问题是:在Azure AD B2C的CORS
配置中,我应在“ Allowed Origins
下输入哪个URL? I don't just want to make the assumption that it's https://login.microsoftonline.com
because Microsoft usually does a few redirects in their services and I want to make sure all the necessary origins are included. 我不只是要假设它是https://login.microsoftonline.com
因为Microsoft通常会在其服务中进行一些重定向,并且我想确保所有必需的来源都包括在内。
如果使用b2clogin.com,则应将CORS来源设置为https://login.microsoftonline.com
或https://{tenant}.b2clogin.com
.b2clogin.com 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.