CORS Question

Question

Not too familiar with CORS (and I've looked over the implementation post), but can't seem to find the answer to my question. I have a VS that has a rewrite profile attached to it. All the URI rewrites go to backend servers, but one of them actually goes to a different a site / domain all together. This is working fine, except for the CORS error that we are seeing.

If I CURL requests going to any of the other URIs (the ones that go to our backend servers), I get the following back:
Access-Control-Allow-Origin: *

But going to the URI that points to the other site / domain, we do not see this. Is this an issue on the F5 VS side or is there something that needs to be done on the backed of the other site / domain we are trying to access.

Thanks!

kevin_davies · Answer

The destination has to provide the records that allow the access. If the domain of the calling webpage (the domain in the URL field of the users browser) is different to that of the destination website then CORS rules are required on the destination to allow the access or the browser itself will block it.

Be mindful that if these are API calls and you dont have authorisation to access them you may have an issue as they cannot perform authentication.

Forum Discussion

CORS Question

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

DNS HM Probe issue

Related Content

CORS implementation

Adding CORS response headers

Health monitor question

Enforcing CORS With LineRate

Novice Question - irules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS