Forum Discussion
NimbostratusCORS Header for OAUTH2 APM
NimbostratusWe are having the same issue, at this time we have two virtual servers in a layered fashion and one of them is just for adding headers in the response.
Our approach is now using Open-id, so we are seeing that F5 does not add the headers at their own responses in the oauth URLs, EJ. {fqdn}/.well-known/openid-configuration
At this time, the solution for me is changing in someway the f5 internal server (apache) to add CORS response headers at any of the responses, but I don't know how, yet.
By th way, the iRule in this case, where we are using Open-id, will not work because the HTTP::Response will trigger only if the traffic comes from the server side. In this case, the Open-id portal and Oauth services run only in the client side.
- Daniel_W__13795
Hi,
I solved the issue without layered VS. I't simply using HTTP_RESPONSE_RELEASE instead of HTTP_RESPONSE
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { unset -nocomplain cors_origin if { [HTTP::header "Origin"] contains "mydomain.com" } { set cors_origin [HTTP::header "Origin"] log local0. "CORS Origin seen: [HTTP::header "Origin"]" } } when HTTP_RESPONSE_RELEASE { CORS GET/POST response - check cors_origin variable set in request if { [info exists cors_origin] } { HTTP::header insert "Access-Control-Allow-Origin" $cors_origin log local0. "CORS Header sent: Access-Control-Allow-Origin $cors_origin" } }
