Strip HTTP Origin header based on its value before hit the ASM

Question

Hi Everyone
Our app using CORS, and it's working normally with correct origin headers:
Origin:  "://"  [ ":"  ]
But also all mobile clients sending Origin header with value 'file://' this causes (Illegal cross-origin request)
POST /xxx/yyy HTTP/1.1
Host: ddd:8001
Connection: keep-alive
Content-Length: 2
Accept: application/json, text/plain, */*
Origin: file://

i want to add iRule to Strip this header Origin: file:// before hit the ASM and allow normal  Origin headers like: Origin: https://xyz.com:8080 Origin: https://xyz.com:8090

kai_wilke · Answer

Hi Mohanad,
use the iRule below to remove every Origin header that starts_with the string file://.
when HTTP_REQUEST {
    if { [HTTP::header value "Origin"] starts_with "file://" } then {
        HTTP::header remove "Origin"
    }
}

Cheers, Kai

Forum Discussion

Strip HTTP Origin header based on its value before hit the ASM

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

logging original header value, before modification by HTTP profile

Change original source IP to random in ASM logs

Four score and seven years ago... a laptop origin story 📖‌

C3D and header insert

Create an HTTPS Origin based on public FQDN for VoltMesh

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS