Forum Discussion
NimbostratusAccess-control-allow-origin changing according domains
Hi guys,
I would like to ask about your help.
I have to apply multiple Access-control-allow-origin for particular domains via irule
Description of the task is something like this:
When a client is going from domain A to source portal, the response should containt header Access-control-allow-origin domain A
When a client is going from domain B to source portal, the response should containt header Access-control-allow-origin domain B
etc
I need to see only header which contain particular domain * which I came from as a client
I was able to create only this:
when HTTP_RESPONSE {
if !{[HTTP::header exists "Access-Control-Allow-Origin"]} {
HTTP::header insert Access-Control-Allow-Origin "domain A"
HTTP::header insert Access-Control-Allow-Origin "domain B"
HTTP::header insert Access-Control-Allow-Origin "domain C"} }
but it doesnt do what I need and I am not able to create some conditional in that irule for particular domain and I see all CORS headers in one time via curl
I have been trying to do this via policy but, it seems to me that it doesnt work as well
I appreciate any help
AK
iaineNacreous
Hi
How are you determining if a client originates from domainA or domainB - are they coming from a particular subnet for instance?
kouriada_284551Hi,
client will come from particular web page( where will be login page into source web page), so I can determine that according particular fqdn of that domainA or BI have been thinking that I could solve that like this: *.domainA, *.domainB and add those *.domains to Data groupe list and write something like this: if { ! [class match $act_uri contains allow_domains] and that the particular domain will be added to Access-Control-Allow-Origin *.domainA or *.domainB according client comes from
or just write it down into couple simple irules, theoreticaly:*for .domainA:
http:Request
if http: host equal domainA
than
http response:
http:header Access-Control-Allow-Origin domainA<>br*for .domainB:
http:Request
if http: host equal domainA
than
http response:
http:header Access-Control-Allow-Origin domainA<>bretc
make it sense?
I am not strong enough in writing of irulesAK
youssef1Cumulonimbus
Hello,
you can use this share code ( Rory Hewitt 😞
https://devcentral.f5.com/codeshare/cors-implementation
Domains that are allowed to make cross-domain calls to example.com class allowed_origins { ".example.com" ".example2.com" ".goodpartner.com" } when HTTP_REQUEST { unset -nocomplain cors_origin if { [class match [HTTP::header Origin] ends_with allowed_origins] } { if { ( [HTTP::method] equals "OPTIONS" ) and ( [HTTP::header exists "Access-Control-Request-Method"] ) } { CORS preflight request - return response immediately HTTP::respond 200 "Access-Control-Allow-Origin" [HTTP::header "Origin"] \ "Access-Control-Allow-Methods" [HTTP::header "Access-Control-Request-Method"] \ "Access-Control-Allow-Headers" [HTTP::header "Access-Control-Request-Headers"] \ "Access-Control-Max-Age" "86400" \ "Vary" "Origin" } else { CORS GET/POST requests - set cors_origin variable set cors_origin [HTTP::header "Origin"] } } } when HTTP_RESPONSE { CORS GET/POST response - check cors_origin variable set in request if { [info exists cors_origin] } { HTTP::header insert "Access-Control-Allow-Origin" $cors_origin HTTP::header insert "Access-Control-Allow-Credentials" "true" HTTP::header insert "Vary" "Origin" } }