Forum Discussion

cv_01_137078

Nimbostratus

Nov 05, 2013

Access-Control-Allow-Origin on F5

Please guide me as to how Access-Control-Allow-Origin header is inserted on F5

IheartF5_45022

Nacreous

Nov 05, 2013

Another way to approach is this (we actually have this running in prod - we have some clients for which CORS support in the server is mandatory, so we fake it);

when HTTP_REQUEST {

   if {[HTTP::method] eq "OPTIONS"} {

       HTTP::respond 200 Access-Control-Allow-Origin "[HTTP::header Origin]" \
                    Access-Control-Allow-Methods "POST, GET" \
                    Access-Control-Allow-Headers "soapaction" \
                    Access-Control-Allow-Credentials "true"
       return
  } 
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Access-Control-Allow-Origin on F5

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Expired client-certificate

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

F5 rSeries || Upgrade tenant

Related Content

F5 HTTPS Redirect 2025

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

Introducing the F5 Application Study Tool (AST)

Modernizing F5 Platforms with Ansible

Automating Certificate Management on F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS