Forum Discussion

cv_01_137078

Nimbostratus

Nov 05, 2013

Access-Control-Allow-Origin on F5

Please guide me as to how Access-Control-Allow-Origin header is inserted on F5

IheartF5_45022

Nacreous

Nov 05, 2013

Another way to approach is this (we actually have this running in prod - we have some clients for which CORS support in the server is mandatory, so we fake it);

when HTTP_REQUEST {

   if {[HTTP::method] eq "OPTIONS"} {

       HTTP::respond 200 Access-Control-Allow-Origin "[HTTP::header Origin]" \
                    Access-Control-Allow-Methods "POST, GET" \
                    Access-Control-Allow-Headers "soapaction" \
                    Access-Control-Allow-Credentials "true"
       return
  } 
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Access-Control-Allow-Origin on F5

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

block a specific user

which virtual server will be hit?

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

APM - Portal access - Issue

F5 bot defense - false positives

Related Content

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

Introducing F5 Insight for ADSP

2026 F5 DevCentral MVP Announcement

Introducing F5 AI Guardrails

F5 HTTPS Redirect 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS