Web Accelerator caching CORS response header?

Running into an issue where the LTM Web Accelerator is caching the "Access-Control-Allow-Origin" header, and that is presenting a problem on CORS calls originating from domain other than the one returned through the cache.

GET /some/file.ext HTTP/1.1 Host: http://example.com Origin: http://example.com

Server response with Access-Control-Allow-Origin header: HTTP/1.1 200 OK Access-Control-Allow-Origin: http://otherdomain.com

I know it's coming from the LTM cache because I'm getting an X-WA-INFO response header with code 10232

A similar issue is described in this article - https://support.f5.com/csp/article/K85549136 , but that is related to the Portal Access profile, not Web Accelerator.

I wouldn't expect the Web Accelerator to cache response headers, and I cannot find any option to disable caching of response headers within the Web Accelerator profile.

As a work around, an iRule was created to bypass the Web Accelerator for any request with an "Origin" header, but I'd ultimately like to understand why LTM is caching the response header to begin with.

application delivery

BIG-IP

LTM

Forum Discussion

Web Accelerator caching CORS response header?

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Distributed caching of authentication requests with NGINX Ingress Controller

Introduction of Incident Response

Force No Cache on Response

F5 Fast L4 Acceleration and the F5 Smart Coprocessor (prioritized Fast L4 Acceleration)

Accelerating Digital Transformation in Banking and Financial Services