Azurite SAS query token access to blob file

Which service(blob, file, queue, table) does this issue concern?

blob

Which version of the Azurite was used?

$ docker run --rm mcr.microsoft.com/azure-storage/azurite:latest azurite --version           
3.15.0

Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)

mcr.microsoft.com/azure-storage/azurite:latest

What’s the Node.js version?

/opt/azurite # node --version
v14.17.0

What problem was encountered?

SAS token access does not work when the connect string references service endpoints not running on localhost, as per default.

Steps to reproduce the issue?

I am using two separate containers, one called “azurite” running azurite, and one called “func” that hosts the local Azure Function App development environment. If I run the function app stack on the host directly and use a connection string that references localhost (and export those ports as per documentation on Azurite) it works.

The following code will give me an URL that I can access in Azure, but Azurite will give a 403.

    import { BlobClient, BlobSASPermissions } from '@azure/storage-blob'

    try {
        const blobName = "input.json"
        const client = new BlobClient(connectionString, "invoices", blobName)
        const options = {
            permissions: BlobSASPermissions.from({ read: true }),
            expiresOn: new Date(Date.now() + 24 * 3600 * 1000),
            // startsOn: new Date(Date.now() - 300 * 1000),
            // protocol: SASProtocol.HttpsAndHttp,
        }
        //const url = (await client.generateSasUrl(options)).replace(/%2F/g,"/")
        const url = await client.generateSasUrl(options)
        context.log(url)
    }
    catch (err) {
        console.log(err)
    }

Have you found a mitigation/solution?

No