Access-Control-Allow-Origin

Question

Hi,&nbsp;
When I opening same web page  - on the developer mode (Chrom) I see below errors:&nbsp;
&nbsp;
And some option in the website does not working well.&nbsp;
When I disabling the ASM profile - I dont see those errors, and wesite working well&nbsp;
Does anyone knows what the issue above means ?&nbsp;
Thank you.&nbsp;

samstep · Answer

Proactive Bot Defense feature blocks CORS requests even for legitimate users. CORS requests are blocked because browsers typically do not include the required cookies when allowing cross-domain requests to prevent session riding attacks by attackers trying to access live sessions and sensitive data from other domains.&nbsp;
Therefore, if you enable Proactive Bot Defense and your web site uses CORS, you should add the CORS URLs to the proactive bot URL whitelist. Those URLs will not be defended from bots proactively, but they will not be blocked, and will still be protected by other enabled DoS detections and mitigations.&nbsp;
In your case it looks like your app is using a Live Chat app called "tawk.to" which needs to be whitelisted in Proactive Bot Defense URL whitelist.&nbsp;
Hope this helps,&nbsp;
Sam&nbsp;

Forum Discussion

Access-Control-Allow-Origin

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

Access-control-allow-origin changing according domains

Access-Control-Allow-Origin on F5

Access-Control-Allow-Origin iRule Strange Error

iControlREST Access-Control-Allow-Origin Response Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS