Forum Discussion
CirrusIrule for disabling CORS functionality.
Hello All,
Hope you all doing good. Wondering if you would have a answer for to a CORS issue.
I am trying to disable CORS for an web app that we have published and we can see it is failing to load because of CROS error.
I even tried disabling ASM policy from the virtual server , still getting the CROS error on the browser.
I am trying to figure out if the iRule for disabling CORS will work or not. However, when i create the irule mentioned in the article (https://devcentral.f5.com/s/articles/cors-implementation) I get an error on F5 .
Is there an issue with allowed_origins as class ,since i get the error :
01070151:3: Rule [/Common/Allowed_CROS] error: /Common/Allowed_CROS:2: error: [command is not valid in the current scope][class allowed_origins {
".example.com"
".example2.com"
".goodpartner.com"
}]
- # Domains that are allowed to make cross-domain calls to example.com
- class allowed_origins {
- ".example.com"
- ".example2.com"
- ".goodpartner.com"
- }
- when HTTP_REQUEST {
- unset -nocomplain cors_origin
- if { [class match [HTTP::header Origin] ends_with allowed_origins] } {
- if { ( [HTTP::method] equals "OPTIONS" ) and ( [HTTP::header exists "Access-Control-Request-Method"] ) } {
- # CORS preflight request - return response immediately
- HTTP::respond 200 "Access-Control-Allow-Origin" [HTTP::header "Origin"] \
- "Access-Control-Allow-Methods" [HTTP::header "Access-Control-Request-Method"] \
- "Access-Control-Allow-Headers" [HTTP::header "Access-Control-Request-Headers"] \
- "Access-Control-Max-Age" "86400" \
- "Vary" "Origin"
- } else {
- # CORS GET/POST requests - set cors_origin variable
- set cors_origin [HTTP::header "Origin"]
- }
- }
- }
- when HTTP_RESPONSE {
- # CORS GET/POST response - check cors_origin variable set in request
- if { [info exists cors_origin] } {
- HTTP::header insert "Access-Control-Allow-Origin" $cors_origin
- HTTP::header insert "Access-Control-Allow-Credentials" "true"
- HTTP::header insert "Vary" "Origin"
- }
- }
