After conducting some research, it seems that several factors are contributing to the issue at hand.
CORS
The use of an HTTPS domain in connection with HTTP localhost is triggering CORS validation. While I believe my service has CORS properly configured, there seem to be specific browser behaviors related to dealing with localhost causing the problem.
Tests
For testing purposes, I am utilizing Rest test test on HTTPS and a locally hosted JSON Server on HTTP to run tests outside of my Azure Functions-based rest service. The comparison is being made against the HTTPS-hosted version of JSON Server available at JSONPlaceholder.
Two types of tests are being performed - simple and preflighted, each demonstrating different behaviors. Preflighted requests involve a custom header, resulting in an initial OPTIONS request before the actual GET request.
https://i.sstatic.net/n19TP.png
Browser Behaviours on Localhost with Protection Disabled
TL/DR: Firefox and Chrome do not support both simple and preflighted requests.
Firefox
Disabling protection is necessary in Firefox to allow mixed content (HTTP within HTTPS) or else the console displays
Blocked loading mixed active content
errors without any actions taken.
https://i.sstatic.net/55NCW.png
Even with protection disabled, Firefox continues to block simple and preflighted requests. In the case of preflighted requests, Firefox does not initiate any request at all, displaying warnings concerning mixed content and CORS in the console.
https://i.sstatic.net/8F9Jq.png
Chrome
Similar to Firefox, disabling protection in Chrome allows mixed content. However, Chrome does not successfully complete any requests but does execute the preflight OPTIONS request.
https://i.sstatic.net/zqZ4X.png
https://i.sstatic.net/OUXlK.png
Browser Behaviours on 127.0.0.1 with Protection Enabled
TL/DR: Simple and preflighted requests work in Chrome, but only simple requests work in Firefox.
An improvement regarding how Chrome and Firefox handle requests from appears to have been implemented, while WebKit/Safari is still contemplating the matter.
MDN documentation includes a note explaining these changes.
According to my tests, it is unclear whether the behavior towards localhost in Chrome remains consistent.
Firefox
Under protection, Firefox supports simple requests, but preflighted requests continue to fail with CORS warnings possibly indicating a bug in Firefox.
https://i.sstatic.net/yU5mO.png
Chrome
Enabling protection allows both simple and preflighted requests to function as expected in Chrome.
https://i.sstatic.net/yU9Qu.png
Azure Function
Returning to my Azure Functions-based rest service, attempting to test the service over 127.0.0.1 using Chrome proved unsuccessful.
It seems that Azure Functions are hardcoded for localhost and do not respond appropriately to requests made to 127.0.0.1. Even accessing the API through 127.0.0.1 is not possible.
An alternate solution involves setting up Azure Functions for HTTPS, as described here: How to run Azure Function locally within Visual Studio on HTTPS?