I have setup WordPress on a Web App + Azure Database for MySQL. This is behind a Front Door/WAF/CDN.

I have enabled WP to have the web app url as admin url and custom domain as the site URL.
This mostly works fine until I come across various CORS issues when using WordPress’ REST API functionality (creating new posts via Gutenburg editor).

I get 403 forbidden errors in the browser console as it looks to be sending POST/GET requests to the custom domain url from the webapp url. If I change the admin url to be the same as site url then there is no problem but this won’t work for me as will have two sites behind a load balancer with different admin urls.

I enabled CORS for both endpoint domain and custom domain to no avail. Access-Control-Allow-Credentials is also enabled. I also purged Front Door cache and local browser cache before testing.

Any ideas or suggestions are welcome.