Hello All,

Hope you all doing good. Wondering if you would have a answer for to a CORS issue.

I am trying to disable CORS for an web app that we have published and we can see it is failing to load because of CROS error.

I even tried disabling ASM policy from the virtual server , still getting the CROS error on the browser.

I am trying to figure out if the iRule for disabling CORS will work or not. However, when i create the irule mentioned in the article (https://devcentral.f5.com/s/articles/cors-implementation) I get an error on F5 .

Is there an issue with allowed_origins as class ,since i get the error :

01070151:3: Rule [/Common/Allowed_CROS] error: /Common/Allowed_CROS:2: error: [command is not valid in the current scope][class allowed_origins {

".example.com"

".example2.com"

".goodpartner.com"

}]

1. # Domains that are allowed to make cross-domain calls to example.com
2. class allowed_origins {
3. ".example.com"
4. ".example2.com"
5. ".goodpartner.com"
6. }
7. when HTTP_REQUEST {
8. unset -nocomplain cors_origin
9. if { [class match [HTTP::header Origin] ends_with allowed_origins] } {
10. if { ( [HTTP::method] equals "OPTIONS" ) and ( [HTTP::header exists "Access-Control-Request-Method"] ) } {
11. # CORS preflight request - return response immediately
12. HTTP::respond 200 "Access-Control-Allow-Origin" [HTTP::header "Origin"] \
13. "Access-Control-Allow-Methods" [HTTP::header "Access-Control-Request-Method"] \
14. "Access-Control-Allow-Headers" [HTTP::header "Access-Control-Request-Headers"] \
15. "Access-Control-Max-Age" "86400" \
16. "Vary" "Origin"
17. } else {
18. # CORS GET/POST requests - set cors_origin variable
19. set cors_origin [HTTP::header "Origin"]
20. }
21. }
22. }
23. when HTTP_RESPONSE {
24. # CORS GET/POST response - check cors_origin variable set in request
25. if { [info exists cors_origin] } {
26. HTTP::header insert "Access-Control-Allow-Origin" $cors_origin
27. HTTP::header insert "Access-Control-Allow-Credentials" "true"
28. HTTP::header insert "Vary" "Origin"
29. }
30. }