CORS irule query

Question

I am looking to enable my F5 to send CORS headers.&nbsp;
I tried implementing the following irule but this broke my access to the website though I was able to test the CORS header. Am I missing something here. &nbsp;
when HTTP_REQUEST {
clientside {
HTTP::header insert Access-Control-Allow-Credentials true
HTTP::header insert Access-Control-Allow-Origin *
}
}&nbsp;

kevin_stewart · Answer

Take a look at this thread:&nbsp;
https://devcentral.f5.com/questions/access-control-allow-origin-on-f5&nbsp;

zeesh86_123075 · Answer

I have tried those irules. The CORS headers works but the site is not accessible anymore. &nbsp;

kevin_stewart · Answer

A more appropriate version of your iRule would look like this:
when HTTP_REQUEST { 
    HTTP::header insert Access-Control-Allow-Credentials true            
    HTTP::header insert Access-Control-Allow-Origin * 
}

The HTTP_REQUEST event already operates in the client side context, so the clientside command is not necessary. As for CORS functionality, if you post a capture of what it should look like when it works natively, it may make it easier to emulate here.

kevin_stewart · Answer

Ref: https://devcentral.f5.com/questions/apm-clientless-mode-40329&nbsp;

Forum Discussion

CORS irule query

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

CORS implementation

iRule Processing query

DNS Query Name Parsing iRule

Adding CORS response headers

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS