BenchMark Quizzes by MDFT Pro

Resolve API Access Error

You work as an API Developer for MDFT Pro, a well-known training agency that delivers cloud certification courses to students worldwide. Mark, the Full Stack Development Lead, has developed and deployed a Java RESTful API to Azure App Service that provides course catalog information, student enrollment data, and quiz results.

The API is designed to be consumed by the student web portal (running at localhost:6000 during development) and will eventually be accessed by the production web application at portal.mdftpro.com. During testing, when you open a browser and navigate to the API endpoint at api-mdftpro.azurewebsites.net/api/Courses, you receive the following error message:

Failed to load api-mdftpro.azurewebsites.net/api/Courses: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ’localhost:6000’ is therefore not allowed access.

The web portal needs to successfully call the API to display course information to students. What should you do to resolve this error and allow the web portal to access the API?

Choose the correct answer from the options below.

Explanations for each answer:

Bind an SSL certificate is incorrect. SSL certificates enable HTTPS connections and secure data transmission, but they don't address cross-origin resource sharing (CORS) issues. The error indicates that the browser is blocking the request because the API doesn't have the proper CORS headers to allow requests from a different origin (localhost:6000).
Enable authentication is incorrect. While authentication secures access to the API, it doesn't resolve CORS errors. The Access-Control-Allow-Origin header issue occurs before authentication is even checked—it's a browser security policy that prevents cross-domain requests unless explicitly allowed by CORS headers.
Enable CORS is correct. Enabling CORS (Cross-Origin Resource Sharing) in Azure App Service adds the necessary Access-Control-Allow-Origin headers to API responses. This allows the browser to accept responses from the API when requests originate from different domains (like localhost:6000). You can configure allowed origins through the Azure Portal or Azure CLI.
Map a custom domain is incorrect. Mapping a custom domain changes the URL used to access the API but doesn't affect CORS policies. The error would still occur because the browser blocks cross-origin requests regardless of the domain name unless proper CORS headers are configured.
Add a CDN is incorrect. A Content Delivery Network (CDN) improves performance by caching content at edge locations, but it doesn't resolve CORS errors. The CDN would actually need its own CORS configuration to work with cross-origin requests, making this solution unnecessarily complex for solving the immediate problem.

Learn more about CORS in App Service:

Configure CORS

Practice Exam

Resolve API Access Error

Discuss this question on social media: