You shouldn't get CORS issues loading assets, if they're just being loaded via link
, script
and img
tags and the like. CORS only applies to AJAX requests made by JavaScript code in browsers.
Also, if the CORS rules are correctly configured on the Azure Storage account Blob service, the domain you use to address the account is irrelevant; it's the domain the current web page was served from (the Origin domain) that must be accepted by the CORS-enabled service.
So for example, if your page is served from yaysite.com, and you try to access a resource on yay.blob.core.windows.net using an XMLHttpRequest, the browser will add an Origin header to the request:
Origin: http://yaysite.com
The server at yay.blob.core.windows.net then needs to return an Access-Control-Allow-Origin header matching that to the response headers:
Access-Control-Allow-Origin: http://yaysite.com
If the browser doesn't see this header in the response, it will discard the data and the XMLHttpRequest object will trigger the error
event.
Setting CORS rules on Azure Storage is described in this MSDN blog post.