Better CORS methods and headers description

Andre Dewes · Andre Dewes · commit ba0c285fa0cc · 2022-09-30T10:01:06.000-03:00
diff --git a/articles/app-service/app-service-web-tutorial-rest-api.md b/articles/app-service/app-service-web-tutorial-rest-api.md
@@ -195,6 +195,9 @@ You can use your own CORS utilities instead of App Service CORS for more flexibi
 >
 >
 
+## Allowed CORS methods and headers
+The built-in App Service CORS feature does not have options to allow only specific HTTP methods or verbs for each origin that you specify. It will automatically allow all methods and headers for each origin defined. This behavior is similar to [ASP.NET CORS](https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0#enable-cors-with-attributes) policies when you use the options `.AllowAnyHeader()` and `.AllowAnyMethod()` in the code.
+
 [!INCLUDE [cli-samples-clean-up](../../includes/cli-samples-clean-up.md)]
 
 <a name="next"></a>

Original file line number	Diff line number	Diff line change
`@@ -195,6 +195,9 @@ You can use your own CORS utilities instead of App Service CORS for more flexibi`
`195`	`195`	`>`
`196`	`196`	`>`
`197`	`197`
	`198`	`+## Allowed CORS methods and headers`
	`199`	+The built-in App Service CORS feature does not have options to allow only specific HTTP methods or verbs for each origin that you specify. It will automatically allow all methods and headers for each origin defined. This behavior is similar to [ASP.NET CORS](https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0#enable-cors-with-attributes) policies when you use the options `.AllowAnyHeader()` and `.AllowAnyMethod()` in the code.
	`200`	`+`
`198`	`201`	`[!INCLUDE [cli-samples-clean-up](../../includes/cli-samples-clean-up.md)]`
`199`	`202`
`200`	`203`	`<a name="next"></a>`