Forum Discussion

cv_01_137078

Nimbostratus

Nov 05, 2013

Access-Control-Allow-Origin on F5

Please guide me as to how Access-Control-Allow-Origin header is inserted on F5

Kevin_Stewart

Employee

Nov 05, 2013

Had to do a little research on CORS:

http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

And based on the above, this is perhaps a start:

when HTTP_REQUEST {
    if { [HTTP::header exists Origin] } {
        set origin_host [HTTP::header Origin]
    }
}
when HTTP_RESPONSE {
    if { [info exists origin_host] } {
        if { $origin_host equals "http://www.example.com" } {
            HTTP::header insert Access-Control-Allow-Origin $origin_host
        }
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Access-Control-Allow-Origin on F5

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

F5 HTTPS Redirect 2025

F5 Threat Report - November 19th, 2025

F5 Threat Report - November 26th, 2025

Introducing the F5 Application Study Tool (AST)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS