Forum Discussion
ASM Transparent mode blocking CORS requests
- Dec 16, 2018
Hi Hugo,
Thanks for the update. I agree, this is unacceptable. Never encountered something like this with ASM and I have dealt with CORS many times before. You can play with the CORS configuration through ASM or with an irule, I think that this is what I will do.
Stumbled upon very similar issue yesterday. When ASM is configured( simple profile ) even in transparent mode, users on mobile chrome receive CORS error on certain iframes. When ASM is disabled, everything works flawlessly. Need to verify if ASM is striping down the CORS headers...
Hello Alex,
In fact the ASM does this, the F5 support told me this its by design on ASM:
"If you do not enable cross-domain request enforcement, the system removes all cross-origin request headers and CORS is not allowed for the URL."
For me this its unacceptable, F5 ASM shouldnt do this by default, because we have an feature called "transparent mode" and this CORS protection should be disabled and allowing * (Wildcards) by default. I have requested an RFE for this.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com