When CORS IS SET, Sometimes the request gives error when request originates from one domain and requests resource in another domain

Question

This is wrt cors policy, Sometimes the request gives error when request originates from one domain and requests resource in another domain, the allow origin header is seen send for few of the request but it's not seen for some and that's when error comes up. Should I be doing anything on F5 and add the header as response for the server? There is ASM as well but I can't see anything blocked on the F5. Kindly please suggest possible ways to troubleshoot.

richard_karon · Answer

Here is setup:https://techdocs.f5networks.net/kb/en-us/products/big-ip_asm/manuals/product/big-ip-asm-implementations-14-1-0/18.html&nbsp;if your CORS headers are in the request and not in the response from the ASM device, checkout &nbsp;K34183431: BIG-IP ASM security policy removes CORS headers when Cross-Domain Request Enforcement is 'disabled'&nbsp;

Forum Discussion

When CORS IS SET, Sometimes the request gives error when request originates from one domain and requests resource in another domain

Recent Discussions

Need Urgent BIGIP Trial License and VM Image

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

AFM deny log level

History Current Connections from Local pool Traffic.

Persistent hash iRule

Related Content

F5 Distributed Cloud Origin Server Subset Rules

Request POST Header Rewrite of Origin and Referer

F5 Distributed Cloud - Mitigation for Cross Tenant Origin Exposure (CTOE)

Logging DNS Requests

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS