cancel
Showing results for 
Search instead for 
Did you mean: 

CORS issue with APM logon page redirect

s_martin_253133
Nimbostratus
Nimbostratus

I am working with our development team to publish a browser based single page application which utilizes the local storage feature to store data and will attempt to sync the data when the connection is available. This can be offline hours in some cases due to the rural areas where the targeted users operate. The application is sitting behind an APM policy which requires a logon before redirecting back to the originating uri.

 

The initial load of the application works fine as the users is prompted to logon and then redirected to the internal single page application at which point data is loaded and the application continues to sync. When I kill the connection for over 15 minutes (APM timeout) and come back online the AJAX call is being redirected to the logon page and the browser logs the console security message:

 

"XMLHTTPRequest cannot load https://loginpage.domain.com/F5Networks-SSO-Req?SSO_ORIG_URI=...... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://singlepageapp.domain.com' is therefore not allowed access.

 

From what I can tell from reading about CORS and other posts here I need to somehow get the APM login page to present a Access-Control-Allow-Origin header which would allow the AJAX call to traverse from the singlepageapp.domain.com to the loginpage.domain.com. This would then allow the ajax call to determine if the client has a connection before forcing a page reload (which would allow for user re-authentication).

 

2 REPLIES 2

Michael_Jenkins
Cirrostratus
Cirrostratus

Have you seen this question. The solution there may be what you're looking for. His final solution iRule is at the bottom, and you could modify it to only respond based on the right hostname

 

Nolan_Jensen
Cirrostratus
Cirrostratus

I was wondering if you got this working.  I see the link in the reply is not valid so wondering if you had the details of the work around? 

Thanks