Not sure if I'm trying to oversimplify things or if a 'proper' app is needed to use iControlREST.
I've created a basic web page with a PATCH request to iControl, passing basic auth headers and a JSON payload.
Browser appears to send an initial OPTIONS preflight which is failing the F5 auth check, so I'm seeing a "401 F5 Authorization Required" response. I can see in my devtools that the headers "Access-Control-Request-Headers:authorization, content-type" are being sent so I'm not sure why the auth is failing. Are there any CORS issues?
Does iControl need a more in-depth implementation than I'm trying or should this work? Documentation suggests that basic auth should work so I needn't go down the route of tokenization?
To add - it appears the OPTIONS preflight is being sent due to CORS, but typically auth wouldn't be required for an OPTIONS request.
Are there any user-configurable settings for the /mgmt path on BIG-IP that serves iControl requests?