Merge pull request #300625 from dlepow/corsd

prmerger-automator[bot] · web-flow · commit 3ce3de4b3523 · 2025-06-03T23:45:20.000Z
[APIM] CORS for dev portal custom domain
diff --git a/articles/api-management/configure-custom-domain.md b/articles/api-management/configure-custom-domain.md
@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 05/09/2025
+ms.date: 05/30/2025
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -50,10 +50,10 @@ There are several API Management endpoints to which you can assign a custom doma
 | Endpoint | Default |
 | -------- | ----------- |
 | **Gateway** | Default is: `<apim-service-name>.azure-api.net`. Gateway is the only endpoint available for configuration in the Consumption tier.<br/><br/>The default Gateway endpoint configuration remains available after a custom Gateway domain is added. |
-| **Developer portal** | Default is: `<apim-service-name>.developer.azure-api.net` |
-| **Management** | Default is: `<apim-service-name>.management.azure-api.net` |
-| **Configuration API (v2)** | Default is: `<apim-service-name>.configuration.azure-api.net` |
-| **SCM** | Default is: `<apim-service-name>.scm.azure-api.net` |
+| **Developer portal** (all tiers except Consumption) | Default is: `<apim-service-name>.developer.azure-api.net` |
+| **Management** (classic tiers only) | Default is: `<apim-service-name>.management.azure-api.net` |
+| **Self-hosted gateway configuration API (v2)** | Default is: `<apim-service-name>.configuration.azure-api.net` |
+| **SCM** (classic tiers only) | Default is: `<apim-service-name>.scm.azure-api.net` |
 
 ### Considerations
 
@@ -62,6 +62,7 @@ There are several API Management endpoints to which you can assign a custom doma
 * Only API Management instance owners can use **Management** and **SCM** endpoints internally. These endpoints are less frequently assigned a custom domain name.
 * The **Premium** and **Developer** tiers support setting multiple hostnames for the **Gateway** endpoint.
 * Wildcard domain names, like `*.contoso.com`, are supported in all tiers except the Consumption tier. A specific subdomain certificate (for example, api.contoso.com) would take precedence over a wildcard certificate (*.contoso.com) for requests to api.contoso.com.
+* When configuing a custom domain for the **Developer portal**, you can [enable CORS](enable-cors-developer-portal.md) for the new domain name. This is needed for developer portal visitors to use the interactive console in the API reference pages.
 
 ## Domain certificate options
 
diff --git a/articles/api-management/enable-cors-developer-portal.md b/articles/api-management/enable-cors-developer-portal.md
@@ -6,19 +6,20 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 12/22/2023
+ms.date: 05/30/2025
 ms.author: danlep
 ---
 
 # Enable CORS for interactive console in the API Management developer portal 
+
+[!INCLUDE [premium-dev-standard-basic-premiumv2-standarv2-basicv2.md](../../includes/api-management-availability-premium-dev-standard-basic-premiumv2-standardv2-basicv2.md)]
+
 Cross-origin resource sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. 
 
 To let visitors to the API Management [developer portal](developer-portal-overview.md) use the interactive test console in the API reference pages, enable a [CORS policy](cors-policy.md) for APIs in your API Management instance. If the developer portal's domain name isn't an allowed origin for cross-domain API requests, test console users will see a CORS error.  
 
 For certain scenarios, you can configure the developer portal as a CORS proxy instead of enabling a CORS policy for APIs.
 
-[!INCLUDE [premium-dev-standard-basic.md](../../includes/api-management-availability-premium-dev-standard-basic.md)]
-
 ## Prerequisites 
 
 + Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)
@@ -41,7 +42,6 @@ You can enable a setting to configure a CORS policy automatically for all APIs i
 
 ![Screenshot that shows where to check status of your CORS policy in the developer portal.](media/enable-cors-developer-portal/cors-azure-portal.png)
 
-
 ### Enable CORS policy manually
 
 1. Select the **Manually apply it on the global level** link to see the generated policy code.
@@ -57,6 +57,12 @@ You can enable a setting to configure a CORS policy automatically for all APIs i
 >
 > As a workaround, you can pass the subscription key in a query parameter.
 
+## CORS configuration for custom domain name
+
+If you configure a [custom domain](configure-custom-domain.md) for the developer portal and want visitors to use the test console on API reference pages, ensure that you enable CORS for the custom developer portal domain name.
+
+When configuring the custom domain, you can enable a setting to add an origin for your custom developer portal domain in the CORS policy. If CORS was already enabled for the default domain, both origins will be included in the CORS policy. You can change the CORS policy settings anytime.
+
 ## CORS proxy option
 
 For some scenarios (for example, if the API Management gateway is network isolated), you can choose to configure the developer portal as a CORS proxy itself, instead of enabling a CORS policy for your APIs. The CORS proxy routes the interactive console's API calls through the portal's backend in your API Management instance.
@@ -84,4 +90,4 @@ If you [self-host](developer-portal-self-host.md) the developer portal, the foll
 ## Related content
 
 * For more information about configuring a policy, see [Set or edit policies](set-edit-policies.md).
-* For details about the CORS policy, see the [cors](cors-policy.md) policy reference.
+* For details about the CORS policy, see the [cors](cors-policy.md) policy reference.
