Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

iControlREST and CORS

I know I cannot be the only one that has run into this problem, but I cannot find any questions related to this. I have an angular application that is trying to hook into our F5 directly. When the call goes out, it returns a CORS error due to

No 'Access-Control-Allow-Origin' header is present

Here is a close example of what I'm doing:

Apache URL: testing.example.com

F5 URL: f5url.example.com

Image Text

My web server talks directly to the F5 instead of interfacing with a server side application like php. I'm wondering if iControl even has the option to enable the return of "Access-Control-Allow-Origin" when the options method is used.

If you've come across this issue, I would love to hear what you were able to do to get around it. Preferably without the need to go to an intermediary app server.

Thank you.

1
Rate this Question
Comments on this Question
Comment made 05-Jun-2018 by Dan Bowman 191

3 years later and this still appears to be an issue in the current BIG-IP version.

Would be good to be able to set these headers on device to allow web-based calls, or even an enhancement to BIG-IQ to allow iControl commands to be crafted and sent from there?

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In the end, it became clear that the F5 required authentication to even hit the OPTIONS method of the URL (bad practice). Even if I was somehow able to inject authorization headers into the pre-flight check, the F5 returns a 502 bad gateway error.

Throwing in the towel, I've created a PHP server to handle all interaction with the F5. While PHP was the proper architecture to begin with, it's still a bummer that the REST interface will not allow pre-flight checks.

If this changes or someone has an example of this working, please comment.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Are you trying to make a REST call and for credentials using an external user (eg, not BIG-IP user)?

0