For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Jul 26, 2023

CORS - Pre Flight vs ASM & APM

Hi   So I have 2 VS VS_A with ASM attached and forwards to VS_B with APM attached   I have written irule for handling CORS request that sits on VS_A based on https://community.f5.com/t5/codesha...
ASM APM CORS
devops
security
Anonymous's avatar
Anonymous
Aug 11, 2023

I think it seems like you have a complex setup involving multiple Virtual Servers (VS) and the use of irules for handling CORS requests and OAuth authentication. You've described issues with CORS preflight requests, OAuth token refreshing, and unexpected behavior with certain URLs.  Use tools like browser developer tools, Fiddler, or Wireshark to inspect the HTTP headers exchanged during the CORS preflight requests, OAuth token refreshing, and other interactions. This can help you identify any unexpected headers or missing configurations. Create controlled test scenarios where you isolate specific components of your setup. For example, test the CORS preflight requests separately from the OAuth token refreshing to identify which step is causing the unexpected behavior.