webapp az resource update --name web --resource-group $RESOURCEGROUP --namespace Microsoft.Web --resource-type config --parent sites/$WEBAPP_NAME --set properties.cors.allowedOrigins=null --api-version 2015-06-01 Before After "cors": { "allowedOrigins": null, "supportCredentials": false }, "cors": null, Intermediate container • CORS • EasyAuth .NET Core application Kestrel → Max 25 MB upload