Forum Discussion
houstonrob
Nimbostratus
NimbostratusCORS iRule Problem
I'm having a lot of trouble setting CORS headers and I'm hoping someone with more familiarity can help me out. This is my first time working with CORS, in fact until a few days ago I had never even h...
houstonrobNimbostratus
NimbostratusThis board would not let me post this as one message, kept saying its spam. Here's the iRule
when HTTP_REQUEST {
set Origin [HTTP::header Origin]
if { [HTTP::header exists Origin] } {
log local0. "We found an origin header:[HTTP::header Origin]"
if { [HTTP::header Origin] eq "https://siteA.domain.com" } {
log local0. "it did equal siteA $Origin and the method is [HTTP::method]"
switch [HTTP::method] {
"OPTIONS" {
log local0. "hitting the OPTIONS response"
HTTP::respond 200 noserver Allow "GET,HEAD,POST,OPTIONS" \
Access-Control-Allow-Origin "[HTTP::header Origin]" \
Access-Control-Allow-Methods "GET,POST" \
Access-Control-Max-Age "86400" \
Access-Control-Allow-Credentials "true"
return
}
"GET" {
log local0. "method is get setting the Origin variable with [HTTP::header Origin]"
set Origin [HTTP::header Origin]
}
"POST" {
log local0. "method is get setting the Origin variable with [HTTP::header Origin]"
set Origin [HTTP::header Origin]
}
}
} else {
log local0. "The origin header did not match siteA $Origin"
if {[HTTP::method] eq "OPTIONS"} {
log local0. "Wasnt siteA and method was options"
HTTP::respond 200 noserver Allow "GET,POST,HEAD,OPTIONS"
return
}
}
}
}
when HTTP_RESPONSE {
log local0. "The variable origin has a value of $Origin"
if {$Origin ne ""} {
log local0. "Adding in an origin header $Origin"
HTTP::header insert "Access-Control-Allow-Origin" $Origin
HTTP::header insert "Access-Control-Allow-Methods" "GET,POST"
HTTP::header insert "Access-Control-Max-Age" "86400"
HTTP::header insert "Allow" "GET,HEAD,POST,OPTIONS"
}
log local0. "inserting Vary and Origin"
HTTP::header insert "Vary" "Origin"
}