Skip to main content

[Azure Websites PHP] Cross Domain request results in blank response page after Preflight HTTP OPTIONS


I've deployed a REST API application (CodeIgniter with Phil Sturgeon's Rest-Server library) on Azure Websites.

Although I've set the Access-Control-* header in my PHP application:
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');

(If you need a working test file, here's the gist for the test file)

But Azure Websites server doesn't return the headers in response.

And thus all requests to the server failed with the error message:
Origin is not allowed by Access-Control-Allow-Origin. 
In order to make sure there's no problem with my application, I've deployed the same code to And as expected, the application works just fine.

The same application deployed on Azure Websites is not working, but fine on Appfog.


After talking to Microsoft Support, we found out that its because the default PHP-CGI handler does not handle the "OPTIONS" verb!

The solution is pretty simply, just edit your web.config file (or add it, in your root directory) to drop PHP54_via_FastCGI, and add it back with OPTIONS in the verb attribute.
  <remove name="OPTIONSVerbHandler" />
  <remove name="PHP54_via_FastCGI" />
  <add name="PHP54_via_FastCGI" path="*.php" verb="GET,HEAD,POST,OPTIONS" modules="FastCgiModule" scriptProcessor="D:\Program Files (x86)\PHP\v5.4\php-cgi.exe" resourceType="Either" />
Your web.config file should look something like this.

Hope this helps PHP developers on Azure Websites like me :)


Popular posts from this blog

Recent activity on my Gmail just revealed that there's this app "Authorized Application (" from IP address assessing my Gmail.

The IP address is from a Amazon server (IP Lookup).

And blacklist check ( shows that the IP is clean too.

Clicking on the "Manage Account Access" didn't give any information on the application "".

After Googling, it appears that the app is Mailbox (source:!topic/gmail/9LVW_etXyTE)

To make things easy, Google should show the applications with their ID.

Backup MySQL to Azure Storage in 30 Seconds

Step 1. Disable password prompt for "mysqldump command"mysqldump: Got error: 1045: Access denied for user 'root'@'localhost' (using password: NO) when trying to connect 1. Run "vi ~/.my.cnf"
2. Add the following lines

[mysqldump]user=mysqluser password=secret
3. For Bitnami, you'll need to append the following line in "/opt/bitnami/mysql/my.cnf"

!include ~/.my.cnf
4. Try running to see if the command works.
mysqldump --all-databases > /home/bitnami/backups/db-backup.sql

Step 2(a). Install Azure-CLI Prerequisites: Installing npm.sudo apt-get update sudo apt-get install nodejs sudo apt-get install npm Note: If you facing issue while installing nodejs/npm on Ubuntu 12.04, you can refer to his article for alternative way to install, or this

Install Azure CLI.npm install azure-cl…

Generate GoDaddy SSL Certificate (.crt) for Azure Websites (.pfx)

Step 1: Getting GoDaddy SSL cert.
Let's say you have a domain name of You'll first need to generate the the .csr file for GoDaddy with the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout -out

This gives you 2 files: - This is the private key - This is the Certificate Signing Request

Copy the content of file to the SSL signing authority (GoDaddy).

Once approved, GoDaddy give you back a .zip file with the following 2 files:

18f1c77f369c0b59.crt - This is your cert
gd_bundle-g2-g1.crt - This is the GoDaddy Certificate Chain

Step 2: Convert a CERT/PEM certificate to a PFX certificate
openssl pkcs12 -export -out -inkey -in 18f1c77f369c0b59.crt

Step 3: Certificate to Upload to Azure.

Step 4: Assign SSL Bindings.

Step 5: Done!