Forum Discussion
knightgc_389641
Nimbostratus
NimbostratusHow to enable CORS on LTM?
Im very very new to the f5, and Ive read a few documents in the forum today on how to enable CORS. First with iRules (complex method)- outside of the scope of what I am being asked to do, but if its ...
Simon_Blakely
Employee
EmployeeThe problem is not that the LTM cannot insert CORS headers (it can), but that CORS is complex, and does not lend itself to a simple just stick the same header on every response approach that results from using a http profile. ASM has a better model of how the application works, so it is capable of more complex CORS manipulation.
For this reason, you will probably need to use a more nuanced (or complex) approach using irules or Local Traffic Policies that allow the CORS headers to be adjusted to suit different responses with different CORS requirements.
In my opinion, CORS is an Application feature, and really needs to be built in to the application responses, where they can be correctly crafted to match the delivered response/application requirements. Of course, you may then end up modifying the CORS headers as they pass the LTM, but that is different from just adding the headers.