I have an Azure App Service based website that calls an Azure App Service based API (both Node.js based), but fails due to CORS issues. Both App Services are protected by Azure Active Directory but have no authentication code, rather relying on implicit passthrough authentication.
This issue is almost identical to what is raised below:
https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect/issues/7
However, in that case authentication was explicitly written into the code and was apparently resolved by simply changing reference to login.windows.net to use login.microsoftonline.com instead.
So my question is, is it possible to get the App Services/AAD to redirect to login.microsoftonline.com for passthrough authentication instead of login.windows.net?