Azure Blob CORS setup for multiple certain hosts

Question

The limitations to configure CORS in Blob storages are frustrating me.

• maximum 265 characters
• no wildcard hosts
• maximum 5 CORS rules

As a result of these restrictions, I come to a maximum of ~48 hosts.

See learn.microsoft.com.

For my scenario (private cdn to serve assets like js, css, fonts), I can not see any other way to use * for AllowedOrigins. Is it the only way? Nobody (no other host) should be able to use my licensed fonts (https://www.viget.com/articles/cors-youre-doing-it-wrong).

Integration

A wildcard like *.int.any.local.network could be a solution.

http://brand-AT.int.any.local.network
http://brand-be.int.any.local.network
http://brand-bg.int.any.local.network
http://brand-ca.int.any.local.network
http://brand-ch.int.any.local.network
http://brand-cn.int.any.local.network
http://brand-tr.int.any.local.network
http://brand-cz.int.any.local.network
http://brand-de.int.any.local.network
http://brand-dk.int.any.local.network
http://brand-es.int.any.local.network
http://brand-fi.int.any.local.network
http://brand-fr.int.any.local.network
http://brand-co.uk.int.any.local.network
http://brand-hu.int.any.local.network
http://brand-ie.int.any.local.network
http://brand-it.int.any.local.network
http://brand-nl.int.any.local.network
http://brand-pl.int.any.local.network
http://brand-pt.int.any.local.network
http://brand-ro.int.any.local.network
http://brand-ru.int.any.local.network
http://brand-se.int.any.local.network
http://brand-sk.int.any.local.network
http://brand-tr.int.any.local.network
http://brand-us.int.any.local.network
http://brand-za.int.any.local.network

Staging

A wildcard like *.qs.any.dmz.network could be a solution.

http://brand-AT.qs.any.dmz.network
http://brand-be.qs.any.dmz.network
http://brand-bg.qs.any.dmz.network
http://brand-ca.qs.any.dmz.network
http://brand-ch.qs.any.dmz.network
http://brand-cn.qs.any.dmz.network
http://brand-tr.qs.any.dmz.network
http://brand-cz.qs.any.dmz.network
http://brand-de.qs.any.dmz.network
http://brand-dk.qs.any.dmz.network
http://brand-es.qs.any.dmz.network
http://brand-fi.qs.any.dmz.network
http://brand-fr.qs.any.dmz.network
http://brand-co.uk.qs.any.dmz.network
http://brand-hu.qs.any.dmz.network
http://brand-ie.qs.any.dmz.network
http://brand-it.qs.any.dmz.network
http://brand-nl.qs.any.dmz.network
http://brand-pl.qs.any.dmz.network
http://brand-pt.qs.any.dmz.network
http://brand-ro.qs.any.dmz.network
http://brand-ru.qs.any.dmz.network
http://brand-se.qs.any.dmz.network
http://brand-sk.qs.any.dmz.network
http://brand-tr.qs.any.dmz.network
http://brand-us.qs.any.dmz.network
http://brand-za.qs.any.dmz.network

Live

All live host must be added. No wildcard is save here.

http://www.brand.at
http://www.brand.be
http://www.brand.bg
http://www.brand.ca
http://www.brand.ch
http://www.brand.cn
http://www.brand.tr
http://www.brand.cz
http://www.brand.de
http://www.brand.dk
http://www.brand.es
http://www.brand.fi
http://www.brand.fr
http://www.brand.co.uk
http://www.brand.hu
http://www.brand.ie
http://www.brand.it
http://www.brand.nl
http://www.brand.pl
http://www.brand.pt
http://www.brand.ro
http://www.brand.ru
http://www.brand.se
http://www.brand.sk
http://www.brand.tr
http://www.brand.us
http://www.brand.za

Answer 1

According to the rules of Azure Blob CORS Allowed origins. We could add up to 64 origin domains per CORS rule. Since we can add up to 5 rules, the max origin domains support by Azure Storage is 320(64*5). You could set the origin domain as following format.

http://aa.com,http://bb.com,http://cc.com

If the origin domains count which you need to set is max than 320, you need to use multi Azure Storage Accounts.