ASM Transparent mode blocking CORS requests
Im sure that the ASM profile its causing this issue with the site, i made some tests and after removing the ASM profile from the virtual server there is no error from CORS in the browser. I also have searched abou this on DevCentral and found that this feature its from Proative Bot Defense, and its configured in DoS Profile, the problem is that i do not have an DoS profile on the virtual server, and its has became very diffcult to find the root cause of this.
Here iss on example of the request blocked in Google Chrome when the ASM profile its assign:
Access to XMLHttpRequest at 'https://app.host-a.com/Geral/MasterPage?pais=a` from origin 'https://www.host-b.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Do you guys have a clue were should i search for this strange behaviour ?