29-Jul-2020 09:26
I am working with our DBA/Applications teams to assist with a CORS related issue.
In an attempt to resolve the issues I have written several iRules to insert a HTTP response header, none of which work.
I have focused on one particular iRule, taken form a related DevCentral article posted in 2015.
https://devcentral.f5.com/s/question/0D51T00006i7azP/adding-cors-response-headers
Has anyone had any success with this and can you share the iRule written?
Below is the latest iRule I have written and applied to the F5 front-end:
*****************************************************************************************************************
when HTTP_REQUEST {
set debug 0
set Origin ""
if {[HTTP::header exists "X-tls-debug"]} {
set debug 1
}
if {$debug} {
set prefix "\[[TCP::client_port].[expr {int (rand() * 100000)}]\] "
if {[HTTP::header exists Origin]} {
if {$debug} {log local0. "${prefix} Origin:[HTTP::header Origin]"}
switch -glob -- [HTTP::header Origin] {
"*company1.com" -
"*company2.com" -
{
[HTTP::method] {
"OPTIONS" {
if {$debug} {log local0. "${prefix} Responding to Preflight request"}
HTTP::respond 403 forbidden Allow "GET,HEAD,POST,OPTIONS" \
Access-Control-Allow-Origin "[HTTP::header Origin]" \
Access-Control-Allow-Methods "GET,POST" \
Access-Control-Max-Age "86400"
return
"GET" -
"POST" {
set Origin [HTTP::header Origin]
if {[HTTP::method] eq "OPTIONS"} {
if {$debug} {log local0. "${prefix} Responding to OPTIONS method"}
HTTP::respond 403 forbidden Allow "GET,POST,HEAD,OPTIONS"
when HTTP_RESPONSE {
if {$Origin ne ""} {
HTTP::header insert "Access-Control-Allow-Origin" $Origin
HTTP::header insert "Access-Control-Allow-Methods" "GET,POST"
HTTP::header insert "Access-Control-Max-Age" "86400"
HTTP::header insert "Allow" "GET,HEAD,POST,OPTIONS"
HTTP::header insert "Vary" "Origin"
