Forum Discussion
AltocumulusHow to enable Cross Origin Request Sharing (CORS) on LTM
Hello everyone,
I have a BIG IP LTM with a vritual server with 2 nodes behind it. This VS runs several web sites, using multiple sub domains.
I need to allow cross origin requests across those sub domains. Here is what I need to do.
Users navigate to ABC.website.com. There is an applet that loads on ABC.website.com (xyz.website.com/MarvinJS). This is currently not being passed. This all happens within the same virtual server.
The VS is set up as standard with the http profile. I have also tried setting it as performance L4 using a fastl4 profile. Same results. Here is what I see when trying to run the applet.
**_Headers when calling from [http://xyz.website.com/MarvinJsheader](http://xyz.website.com/MarvinJsheader)
name Access-Control-Allow-Origin= null_**
Any thoughts or help would be greatly appreciated!
4 Replies
Hannes_RappNimbostratus
Hi,
It's not an F5 issue by any means. The Access-Control-Allow-Origin header (inserted by xyz.website.com webserver) should reference to ABC.website.com, instead of "null". You could overwrite the header value in F5, before the response is routed back to client, but its a dirty way of solving your issue. Please read the second response here: http://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work.
Solution: needs to be applied in the end-server
Leo_T_144084Thank you! Going to try this out.
- Hannes_Rapp_162
Nacreous
Hi,
It's not an F5 issue by any means. The Access-Control-Allow-Origin header (inserted by xyz.website.com webserver) should reference to ABC.website.com, instead of "null". You could overwrite the header value in F5, before the response is routed back to client, but its a dirty way of solving your issue. Please read the second response here: http://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work.
Solution: needs to be applied in the end-server
- Leo_T_144084Thank you! Going to try this out.
