Forum Discussion

cv_01_137078

Nimbostratus

Nov 05, 2013

Access-Control-Allow-Origin on F5

Please guide me as to how Access-Control-Allow-Origin header is inserted on F5

Kevin_Stewart

Employee

Nov 05, 2013

Had to do a little research on CORS:

http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

And based on the above, this is perhaps a start:

when HTTP_REQUEST {
    if { [HTTP::header exists Origin] } {
        set origin_host [HTTP::header Origin]
    }
}
when HTTP_RESPONSE {
    if { [info exists origin_host] } {
        if { $origin_host equals "http://www.example.com" } {
            HTTP::header insert Access-Control-Allow-Origin $origin_host
        }
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Access-Control-Allow-Origin on F5

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Expired client-certificate

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

F5 rSeries || Upgrade tenant

Related Content

F5 HTTPS Redirect 2025

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

Introducing the F5 Application Study Tool (AST)

Modernizing F5 Platforms with Ansible

Automating Certificate Management on F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS