Not too familiar with CORS (and I've looked over the implementation post), but can't seem to find the answer to my question. I have a VS that has a rewrite profile attached to it. All the URI rewrites go to backend servers, but one of them actually goes to a different a site / domain all together. This is working fine, except for the CORS error that we are seeing.
If I CURL requests going to any of the other URIs (the ones that go to our backend servers), I get the following back: Access-Control-Allow-Origin: *
But going to the URI that points to the other site / domain, we do not see this. Is this an issue on the F5 VS side or is there something that needs to be done on the backed of the other site / domain we are trying to access.
The destination has to provide the records that allow the access. If the domain of the calling webpage (the domain in the URL field of the users browser) is different to that of the destination website then CORS rules are required on the destination to allow the access or the browser itself will block it.
Be mindful that if these are API calls and you dont have authorisation to access them you may have an issue as they cannot perform authentication.