Forum Discussion

knightgc_389641
Apr 30, 2019

How to enable CORS on LTM?

I'm very very new to the F5, and I've read a few documents in the forum today on how to enable CORS. First with iRules (complex method) - outside of the scope of what I am being asked to do, but if it's the only way then I'm all for it versus HTTP profile/header insert (closer to what I am looking to do).

From what I have read all around though, it seems these solutions are for the ASM model. While attempting to do the simple method of using the HTTP profile and header insert, the options are not available or not as what's described in other threads; could be I need to look around more.

Any help/guidance is appreciated. I will continue reading what others have posted before and continue my own learning in this process, but thought it best to ask first to save time and effort if it's not even an option on the LTM.

For reference, the LTM appliance is on v14.0

  • The problem is not that the LTM cannot insert CORS headers (it can), but that CORS is complex, and does not lend itself to a simple "just stick the same header on every response" approach that results from using an HTTP profile. ASM has a better model of how the application works, so it is capable of more complex CORS manipulation.

    For this reason, you will probably need to use a more nuanced (or complex) approach using iRules or Local Traffic Policies that allow the CORS headers to be adjusted to suit different responses with different CORS requirements.

    In my opinion, CORS is an application feature, and really needs to be built into the application responses, where they can be correctly crafted to match the delivered response/application requirements. Of course, you may then end up modifying the CORS headers as they pass the LTM, but that is different from just adding the headers.
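
The per-request handling the reply describes, as an added example that is not part of the thread or F5's own code: an iRule that reflects the `Origin` header only when it exactly matches an allow-list and answers preflight requests itself. The data group name `cors_allowed_origins` and the method and header lists are assumptions to adapt to the application.

```tcl
# Added example. Assumption: a string data group named cors_allowed_origins
# (hypothetical) holds the exact origins allowed to call this virtual server,
# e.g. "https://app.example.com" (constructed value).
when HTTP_REQUEST {
    # Reset per-request state; one connection can carry many requests.
    set cors_origin ""
    if { [HTTP::header exists "Origin"] } {
        set origin [HTTP::header value "Origin"]
        # Exact match only: no wildcard, suffix or substring matching.
        if { [class match -- $origin equals cors_allowed_origins] } {
            set cors_origin $origin
        }
    }

    # A preflight is an OPTIONS request carrying Access-Control-Request-Method.
    # Answer it on the LTM so it never reaches the pool member.
    if { $cors_origin ne "" && [HTTP::method] eq "OPTIONS" \
         && [HTTP::header exists "Access-Control-Request-Method"] } {
        HTTP::respond 204 noserver \
            "Access-Control-Allow-Origin" $cors_origin \
            "Access-Control-Allow-Methods" "GET, POST, OPTIONS" \
            "Access-Control-Allow-Headers" "Content-Type, Authorization" \
            "Access-Control-Max-Age" "600" \
            "Vary" "Origin"
        return
    }
}

when HTTP_RESPONSE {
    # Design choice of this example: the LTM is the single place where the
    # CORS decision is made, so headers set by the application are dropped.
    HTTP::header remove "Access-Control-Allow-Origin"
    HTTP::header remove "Access-Control-Allow-Credentials"

    # The response depends on Origin, so caches must key on it.
    HTTP::header insert "Vary" "Origin"

    # Only allow-listed origins get the header; all others get none,
    # which makes the browser block the cross-origin read.
    if { $cors_origin ne "" } {
        HTTP::header insert "Access-Control-Allow-Origin" $cors_origin
    }
}
```

Unlike a static header insert in the HTTP profile, this never sends `Access-Control-Allow-Origin: *` and never echoes an origin that is not in the data group.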