
Teams Bot messages not reaching local backend via cloudflare tunnel

sherlock457 0 Reputation points
2026-04-15T19:11:24.8366667+00:00

I am running my bot backend locally and exposing it through a Cloudflare Tunnel. This setup was working earlier, but for the last few days messages sent from Microsoft Teams do not reach my local backend anymore.
From the Teams client side, I see some CORS error; my local backend logs show no incoming request for the Teams message route. In rare cases, after waiting a long time, I am getting this error log in my backend: "CORS origin is denied. The origin azure.com is not allowed"

Azure AI Bot Service

An Azure service that provides an integrated environment for bot development.


3 answers

  1. SAI JAGADEESH KUDIPUDI 3,125 Reputation points Microsoft External Staff Moderator
    2026-04-25T18:27:31.8+00:00

    Hi sherlock457,
    It sounds like your Teams-hosted bot used to work through your Cloudflare Tunnel but now Teams messages never hit your local /api/messages endpoint—and sometimes you see a CORS block complaining about azure.com not being allowed. Let’s break down some things to check and next steps:

    1. Verify your tunnel & messaging endpoint
      • Make sure your Cloudflare Tunnel is up and forwarding HTTPS traffic to your local bot port (typically 3978).
      • In the Azure portal, open your Bot’s Configuration (Messaging endpoint) and confirm it exactly matches your tunnel URL + /api/messages.
      • If you’ve recently rotated URLs or redeployed the tunnel container, update the endpoint and hit Apply.
      Docs: “Debug a bot from any channel using a tunnel” (step 1–3).
    2. Test reachability from outside
      • From any machine on the public internet (for example, via a phone hotspot), run:
         ```bash
         curl -I https://<your-tunnel>.trycloudflare.com/api/messages
         ```
        You should get back a 405 (method not allowed) or 400, not a connection error.
      • Then POST a minimal activity payload to see if it even touches your app:
         ```bash
         curl -X POST https://<your-tunnel>.trycloudflare.com/api/messages \
           -H "Content-Type: application/json" \
           -d '{"type":"message","from":{"id":"test"},"text":"hello"}'
         ```
      If nothing logs locally, the tunnel or Azure Bot Service registration is still off.
      Docs: “How do I test network connectivity between bots and a channel?”

    3. Is it a pure Teams-to-Bot Service call or client-side Web Chat?
      • Teams channel calls your bot via the Azure Bot Service proxy (server-to-server), so CORS isn’t involved and no Origin header should be set.
      • If you’re embedding the Bot Framework Web Chat control in a Teams tab (or similar) you will see browser CORS preflights. In that case you need to allow the browser’s Origin (e.g. https://teams.microsoft.com or *.azure.com) in your CORS policy.
      Example for an Express app:
         ```js
         const express = require('express');
         const cors = require('cors');

         const app = express();

         // CORS policy for browser-hosted clients
         app.use(cors({
           origin: [
             'https://teams.microsoft.com', // exact origin
             /\.azure\.com$/                // any origin ending in .azure.com
           ],
           credentials: true                // sets Access-Control-Allow-Credentials: true
         }));
         ```
    
    4. Quick Web Chat sanity check
      • In your Bot’s resource blade, switch to the Web Chat test panel and try sending a message.
      • If Web Chat fails the same way, you’ve pinpointed the issue to your tunnel/CORS settings, not the Teams channel.
      Docs: “Test Your Bot In Web Chat” quickstart.
    5. If everything above looks good but Teams still doesn’t connect
      • Remove & re-add the Teams channel in Azure Bot Service.
      • Double-check your Bot’s Microsoft App ID & Password in your local app settings—an auth hiccup could prevent server-to-server calls.
      • Review Cloudflare logs to see if any requests from Azure Bot Service IPs are being blocked or rate-limited by your tunnel.

    Follow-up questions to narrow this down:

    • Can you successfully reach your tunnel endpoint with curl/Postman from a public network?

    • Are you testing via the Teams client channel or embedding Web Chat in a Teams tab?

    • What domain/origin does your backend’s CORS middleware currently allow?

    • Have you updated the Messaging endpoint in the Azure portal since your tunnel URL last changed?

    Hope this helps you pinpoint where the request is getting stuck! Let me know what you see when you run those curl tests and which scenario (pure Teams vs. browser Web Chat) you’re running.

    Reference list:

    1. Debug a bot from any channel using a tunnel
    2. How do I test network connectivity between bots and a channel?
    3. Test Your Bot In Web Chat quickstart
    4. Bot Service CORS tips (via your own middleware)

    Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.
    Please do not forget to "Accept Answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.

    Was this answer helpful?
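
The distinction drawn in the answer above (server-to-server channel delivery with no Origin header versus browser Web Chat with CORS preflights), as an added example that is not part of the thread or Microsoft's code: a dependency-free Connect/Express-style middleware that logs every request before any CORS decision and applies CORS only when an Origin header is present. The route /api/messages comes from the thread; the allow-list contents and the names `classify` and `scopedCors` are assumptions.

```javascript
// Added example, not code from the thread. Connect/Express-style middleware, no dependencies.
// Assumed: bot route /api/messages (as in the thread); BROWSER_ORIGINS is a constructed allow-list.
const BOT_ROUTE = '/api/messages';
const BROWSER_ORIGINS = new Set(['https://teams.microsoft.com']);

// Label a request so the log shows what kind of caller reached the backend.
function classify(req) {
  const origin = req.headers.origin;
  const auth = req.headers.authorization || '';
  const path = req.url.split('?')[0];
  if (origin) {
    // Browsers send Origin; compare against exact origins, not a suffix pattern.
    return BROWSER_ORIGINS.has(origin) ? 'browser-allowed' : 'browser-denied';
  }
  if (req.method === 'POST' && path === BOT_ROUTE) {
    // Channel deliveries carry a Bearer token for the bot adapter to validate;
    // the unauthenticated curl probe from the answer does not.
    return auth.startsWith('Bearer ') ? 'channel-delivery' : 'unauthenticated-post';
  }
  return 'other';
}

// Log first, then apply CORS only to requests that actually carry an Origin.
function scopedCors(log = console.log) {
  return function (req, res, next) {
    const verdict = classify(req);
    log(`${req.method} ${req.url} origin=${req.headers.origin || '-'} -> ${verdict}`);
    if (verdict === 'browser-denied') {
      res.statusCode = 403;
      return res.end('CORS origin denied');
    }
    if (verdict === 'browser-allowed') {
      res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
      res.setHeader('Vary', 'Origin');
      if (req.method === 'OPTIONS') { // preflight: answer it here
        res.setHeader('Access-Control-Allow-Methods', 'POST');
        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
        res.statusCode = 204;
        return res.end();
      }
    }
    next(); // no Origin header: CORS does not apply; token validation stays with the bot adapter
  };
}
```

Mount it with `app.use(scopedCors())` ahead of the bot route. A log with no line at all for a Teams message means the request stopped at the tunnel or the endpoint registration rather than in CORS.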


  2. Amira Bedhiafi 41,641 Reputation points MVP Volunteer Moderator
    2026-04-17T18:46:09.2133333+00:00

    Hello!

    Thank you for posting on MS Learn Q&A.

    For local Teams bot debugging, the supported pattern is exposing your local bot through a public HTTPS tunnel and setting the bot messaging endpoint to that tunnel URL plus /api/messages.

    https://learn.microsoft.com/en-us/azure/bot-service/bot-service-debug-channel-devtunnel?view=azure-bot-service-4.0

    If Teams messages are not even appearing in your local logs, the request is likely being blocked before your bot logic runs, either by Cloudflare Tunnel behavior, by your app CORS middleware or by another configuration.

    The browser CORS error you see in Teams can be misleading. Bot messages are normally delivered to your bot over the configured HTTPS messaging endpoint, and if your backend rejects the origin or your tunnel doesn’t forward correctly, Teams can have a failure while your bot never receives the POST.


  3. AI answer

    2026-04-15T19:11:38.21+00:00

    Teams bots must be reachable over a publicly accessible HTTPS endpoint without being blocked by CORS or the tunneling layer. The context shows two supported patterns for local debugging:

    1. Use a tunneling tool such as ngrok or dev tunnels.
    2. Configure the bot’s messaging endpoint (and Teams app manifest) to use the tunnel URL.

    Cloudflare Tunnel is not covered in the context, but the symptoms match a tunneling/CORS misconfiguration: Teams calls the bot’s HTTPS endpoint, the tunnel or backend enforces CORS and rejects the origin (for example azure.com), so the request never reaches the bot logic.

    To restore functionality using the supported pattern:

    1. Switch to a supported tunneling tool for local debugging
      • Install and run ngrok:
         ```bash
         ngrok http <port> --host-header=localhost:<port>
         ```
      • Note the generated https://<random>.ngrok.io URL.
    2. Update the bot’s messaging endpoint to the tunnel URL
      • For a Bot Framework–registered bot, set the messaging endpoint to the ngrok URL plus /api/messages, for example: https://<random>.ngrok.io/api/messages.
      • This can be done either in the Bot Framework configuration or in the Azure Bot resource configuration while the tunnel is running.
    3. Update the Teams app manifest
      • Replace any previous bot endpoint URL with the new ngrok HTTPS URL wherever the bot endpoint is referenced in manifest.json.
    4. Keep the tunnel running and stable
      • If ngrok is restarted, a new URL is generated. Update the messaging endpoint and manifest again when that happens.
    5. Avoid blocking Teams with CORS on the bot endpoint
      • The bot endpoint is called server-to-server by the Bot Framework/Teams service, not from a browser. CORS checks on that endpoint should either be disabled or configured to allow the Bot Framework/Teams origins so that requests are not rejected.

    If the bot must remain locally hosted, using ngrok or the documented dev tunnel approach and ensuring the messaging endpoint is updated to the active tunnel URL is the supported way to ensure Teams messages reliably reach the local backend.



    AI-generated content may be incorrect. Read our transparency notes for more information.
