Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Leo_T_144084's avatar
Leo_T_144084
Icon for Altocumulus rankAltocumulus
Apr 22, 2015

How to enable Cross Origin Request Sharing (CORS) on LTM

Hello everyone, I have a BIG IP LTM with a vritual server with 2 nodes behind it. This VS runs several web sites, using multiple sub domains. I need to allow cross origin requests across those su...
application delivery
LTM
management
Hannes_Rapp_162's avatar
Hannes_Rapp_162
Icon for Nacreous rankNacreous
Apr 22, 2015

Hi,

 

It's not an F5 issue by any means. The Access-Control-Allow-Origin header (inserted by xyz.website.com webserver) should reference to ABC.website.com, instead of "null". You could overwrite the header value in F5, before the response is routed back to client, but its a dirty way of solving your issue. Please read the second response here: http://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work.

 

Solution: needs to be applied in the end-server

 

  • Leo_T_144084's avatar
    Leo_T_144084
    Icon for Altocumulus rankAltocumulus
    Apr 22, 2015
    Thank you! Going to try this out.