For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kitday's avatar
kitday
Icon for Nimbostratus rankNimbostratus
Jan 08, 2020

iRule for CORS OPTIONS Header

I am working on creating an iRule that sends a 200 response when an OPTIONS header is sent. Here is the rule:

when HTTP_REQUEST {
        if { ( [HTTP::method] equals "OPTIONS" ) } {
                HTTP::respond 200 Access-Control-Allow-Origin "[HTTP::header Origin]" 
                                  Access-Control-Allow-Methods "POST, GET, OPTIONS"
                                  Access-Control-Allow-Headers "[HTTP::header Access-Control-Request-Headers]" 
                                  Access-Control-Max-Age "86400"
                return
        }
    }

When attempting to deploy this irule to an application, I am given the following error:

IRule error: Transaction on BIG-IP failed after 0 seconds: 01070151:3: Rule [/Common/CORS-Preflight] error: /Common/CORS-Preflight:4: error: [undefined procedure: Access-Control-Allow-Methods][Access-Control-Allow-Methods "POST, GET, OPTIONS"] /Common/CORS-Preflight:5: error: [undefined procedure: Access-Control-Allow-Headers][Access-Control-Allow-Headers "[HTTP::header Access-Control-Request-Headers]" ] /Common/CORS-Preflight:6: error: [undefined procedure: Access-Control-Max-Age][Access-Control-Max-Age "86400"]

Can anyone help with what the syntax issue may be with this?

application delivery
cors
irule
iRules

2 Replies

  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Jan 08, 2020

    Hi kitday,

    Can you try this?

    when HTTP_REQUEST {
	if { ( [HTTP::method] equals "OPTIONS" ) } {
		HTTP::respond 200 Access-Control-Allow-Origin "[HTTP::header Origin]" \
			Access-Control-Allow-Methods "POST, GET, OPTIONS" \
			Access-Control-Allow-Headers "[HTTP::header Access-Control-Request-Headers]" \
			Access-Control-Max-Age "86400"
		return
	}
}