I know I cannot be the only one that has run into this problem, but I cannot find any questions related to this. I have an angular application that is trying to hook into our F5 directly. When the call goes out, it returns a CORS error due to
No 'Access-Control-Allow-Origin' header is present
Here is a close example of what I'm doing:
Apache URL: testing.example.com
F5 URL: f5url.example.com
My web server talks directly to the F5 instead of interfacing with a server side application like php. I'm wondering if iControl even has the option to enable the return of "Access-Control-Allow-Origin" when the options method is used.
If you've come across this issue, I would love to hear what you were able to do to get around it. Preferably without the need to go to an intermediary app server.
3 years later and this still appears to be an issue in the current BIG-IP version.
Would be good to be able to set these headers on device to allow web-based calls, or even an enhancement to BIG-IQ to allow iControl commands to be crafted and sent from there?
In the end, it became clear that the F5 required authentication to even hit the OPTIONS method of the URL (bad practice). Even if I was somehow able to inject authorization headers into the pre-flight check, the F5 returns a 502 bad gateway error.
Throwing in the towel, I've created a PHP server to handle all interaction with the F5. While PHP was the proper architecture to begin with, it's still a bummer that the REST interface will not allow pre-flight checks.
If this changes or someone has an example of this working, please comment.
Are you trying to make a REST call and for credentials using an external user (eg, not BIG-IP user)?