Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icon for Cirrus rank

Cirrus

May 05, 2021

Cors preflight requests problem

I have two different web applications that make requests to domain names other than themselves. For example, x.domain.com makes a request to y.domain.com to retrieve certain data. The user is authent...

application delivery

BIG-IP Access Policy Manager (APM)

Icon for Cirrocumulus rank

Cirrocumulus

Jul 21, 2021

if you are using ASM it might be the culprit, check this:

Bug ID 746394: With ASM CORS set to 'Disabled' it strips all CORS headers in response.

https://cdn.f5.com/product/bugtracker/ID746394.html

Also if y.domain.com where your request is landing has an ASM policy in blocking mode please do check that OPTIONS method is not blocked in ASM policy (it is blocked by default)

Icon for Cirrus rank

Cirrus

Jul 21, 2021

Thanks for your reply, unfortunately we´re not using ASM together with APM.

/Johan

Jonathan - March 2026 Featured Member

DevCentral News

featured member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

DevCentral News

2026 F5 DevCentral MVP Announcement

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5