You cannot call Azure Functions from JavaScript unless you configure the CORS settings for your Function Apps:
Azure Functions CORS Settings
This is because Microsoft have by default enabled CORS and only allows only some azure domains to access the Function Apps:
Default CORS Settings
So to enable access from your JavaScript you have to add your domain to the list of allowed origins.
If you wish to allow every domain to access your apps, you must remove all domains from the list and add a “*” to the list as the only entry:
Allow all
However, this is widely regarded as a bad move, as all security is thrown out of the window. Azure Functions only security measurements are security tokens passed a parameters, and when calling the Azure Function from JavaScript, this token is exposed to the entire world. You should carefully consider the security implications before allowing every hacker access to your Azure Functions.
Happy coding!
MORE TO READ:
- What is CORS? from Codeacademy
- What are the ways to secure Azure functions from StackOverflow
- Simplifying security for serverless and web apps with Azure Functions and App Service by Matthew Henderson, Microsoft