CORS irule query

Question

I am looking to enable my F5 to send CORS headers.&nbsp;
I tried implementing the following irule but this broke my access to the website though I was able to test the CORS header. Am I missing something here. &nbsp;
when HTTP_REQUEST {
clientside {
HTTP::header insert Access-Control-Allow-Credentials true
HTTP::header insert Access-Control-Allow-Origin *
}
}&nbsp;

kevin_stewart · Answer

Take a look at this thread:&nbsp;
https://devcentral.f5.com/questions/access-control-allow-origin-on-f5&nbsp;

zeesh86_123075 · Answer

I have tried those irules. The CORS headers works but the site is not accessible anymore. &nbsp;

kevin_stewart · Answer

A more appropriate version of your iRule would look like this:
when HTTP_REQUEST { 
    HTTP::header insert Access-Control-Allow-Credentials true            
    HTTP::header insert Access-Control-Allow-Origin * 
}

The HTTP_REQUEST event already operates in the client side context, so the clientside command is not necessary. As for CORS functionality, if you post a capture of what it should look like when it works natively, it may make it easier to emulate here.

kevin_stewart · Answer

Ref: https://devcentral.f5.com/questions/apm-clientless-mode-40329&nbsp;

Forum Discussion

CORS irule query

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Getting around CORS with IRULES

iRule Creation Query

F5 WAF query

Irule for disabling CORS functionality.

Assign a resource to the request without AD query

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS