Forum Discussion
nbenos_217832
Nimbostratus
NimbostratusCORS Enforcement on ASM
Hello, has anyone had success enforcing CORS through ASM. I have enabled and and allowed a wildcard for origins (for testing only), but I'm still unsuccessful seeing the headers replaced when I run a test. I get the following from google developer tools when fetching from my test site:
Access-Control-Allow-Origin' header is present on the requested resource.
Thanks, Nick
Erik_NovakEmployee
For Enforcement Mode, are you using "Enforce on ASM", "Remove all CORS Headers", or "Replace CORS Headers"? The idea is that ASM will compare the Origin header to the list of host names in your policy and the allowed origins for the respective URL (or wildcard in your case.)