I tried adding this policy in Resource sharing (CORS) in my blob storage via the Azure Portal, but it has no effect. I am still able to access the blob file in any browser. How do I correctly set it up? It must only work for the localhost:3000 origin. Allowed methods: GET, OPTION only.
Does Networking have anything to do with the issue?
Solution:
You are misunderstanding the purpose of CORS rules. A CORS rule will prevent access to a blob when the blob is accessed via JavaScript using AJAX calls. It will not prevent access to a blob when it is accessed via its URL in a browser. From this link:
> CORS is an HTTP feature that enables a web application running under
> one domain to access resources in another domain. Web browsers
> implement a security restriction known as same-origin policy that
> prevents a web page from calling APIs in a different domain; CORS
> provides a secure way to allow one domain (the origin domain) to call
> APIs in another domain. See the CORS specification for details on
> CORS.
To allow access from certain IP addresses, you will either need to set Firewall rules or use a Shared Access Signature with IP address restrictions.
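The behaviour described in the answer, as an added example that is not part of the original post: a simplified model of a publicly readable blob behind a CORS rule, showing that the service returns the blob to every caller and only a browser running a cross-origin script withholds it. The names `serveBlob` and `clientReceives`, the origin `https://other.example` and the body string are constructed for illustration.

```javascript
// Simplified model (constructed, not Azure's code) of a publicly readable blob
// behind a CORS rule like the one in the question.
const corsRule = {
  allowedOrigins: ["http://localhost:3000"],
  allowedMethods: ["GET", "OPTIONS"],
};

// Storage side: the GET is served either way. The rule only decides whether
// an Access-Control-Allow-Origin header is added to the response.
function serveBlob(rule, request) {
  const headers = {};
  const origin = request.headers["Origin"];
  if (origin &&
      rule.allowedOrigins.includes(origin) &&
      rule.allowedMethods.includes(request.method)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return { status: 200, headers, body: "blob-bytes" };
}

// Client side. kind is one of:
//   "navigation"  - blob URL opened directly in the browser
//   "script"      - fetch/XHR from a page served by pageOrigin
//   "non-browser" - any HTTP client outside a browser
// Returns what the caller ends up holding: the body, or null if withheld.
function clientReceives(kind, pageOrigin, rule) {
  const request = { method: "GET", headers: {} };
  if (kind === "script") request.headers["Origin"] = pageOrigin;
  const response = serveBlob(rule, request);

  // Only a cross-origin script read is subject to the CORS check.
  if (kind !== "script") return response.body;
  const allowed = response.headers["Access-Control-Allow-Origin"];
  if (allowed === pageOrigin || allowed === "*") return response.body;
  return null; // the browser hides the response from the calling script
}

console.log("address bar:       ", clientReceives("navigation", null, corsRule));
console.log("script on :3000:   ", clientReceives("script", "http://localhost:3000", corsRule));
console.log("script elsewhere:  ", clientReceives("script", "https://other.example", corsRule));
console.log("non-browser client:", clientReceives("non-browser", null, corsRule));
```

Only the third case returns `null`, and even there the service answered with status 200, which is why restricting who can fetch the blob needs the firewall rules or IP-restricted Shared Access Signature the answer mentions.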
