ASM Transparent mode blocking CORS requests
Hello community,
I would like to know if anyone have seen or had an issue with CORS (Cross-Origin Resource Sharing) and ASM, i have an problem with Javascript request that its been blocked by CORS policy on browser when i assign the the ASM profile on the virtual server, the main issue is that the ASM profile its an newly created ASM policy in transparent mode (It should not block anything), and i can not see any violation on the ASM>Events Logs.
Im sure that the ASM profile its causing this issue with the site, i made some tests and after removing the ASM profile from the virtual server there is no error from CORS in the browser. I also have searched abou this on DevCentral and found that this feature its from Proative Bot Defense, and its configured in DoS Profile, the problem is that i do not have an DoS profile on the virtual server, and its has became very diffcult to find the root cause of this.
Here iss on example of the request blocked in Google Chrome when the ASM profile its assign:
Access to XMLHttpRequest at 'https://app.host-a.com/Geral/MasterPage?pais=a` from origin 'https://www.host-b.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Do you guys have a clue were should i search for this strange behaviour ?
Hi Hugo,
Thanks for the update. I agree, this is unacceptable. Never encountered something like this with ASM and I have dealt with CORS many times before. You can play with the CORS configuration through ASM or with an irule, I think that this is what I will do.