Forum Discussion
ASM Transparent mode blocking CORS requests
- Dec 16, 2018
Hi Hugo,
Thanks for the update. I agree, this is unacceptable. Never encountered something like this with ASM and I have dealt with CORS many times before. You can play with the CORS configuration through ASM or with an irule, I think that this is what I will do.
Just found out that the ASM its removing the Security Headers from response, and then causing CORS erros for the clients.
Removed Headers:
Access-Control-Allow-Origin: https://www.app.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, *
in fact the headers are presented in HTTP_RESPONSE (APP>F5) but are removed in HTTP_RESPONSE_RELEASE (F5>CLient) by ASM.
Could this be an BUG or some feature by design? Because ASM transparent mode should not block/change anything in the request...
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com