CORS implementation

Problem this snippet solves: Pretty self-explanatory - we had to implement CORS (Cross-Origin-Resource-Sharing) where we had multiple domains, all of which had to be able to make AJAX calls to API's...
Published Nov 03, 2015
Version 1.0
cors
devops
iRules
LTM
Rory_Hewitt_F5_'s avatar
Rory_Hewitt_F5_
Icon for Cirrus rankCirrus
Apr 23, 2018

@Kevin_Dyer note that the reference you cite for latest CORS specification is actually significantly out-of-date.

The responsibility for CORS was taken over by WHATWG, as part of the fetch spec (https://fetch.spec.whatwg.org/). The examples aren't great, but fetch now does allow (in theory) some enhancements, such as allowing an asterisk as the value for the 

Access-Control-Allow-Headers
, 
Access-Control-Allow-Methods
and 
Access-Control-Expose-Headers
CORS response headers. I don't know whether all browsers have implemented support for these special values yet, however.