CORS Header for OAUTH2 APM
Hello,
we are evaluating APM for OAUTH2, running on v13.0 HF2. One of our dev teams is building a single page application that wants to use grant type "password". Therefore, they need to have CORS headers (Access-Control-Allow-Origin) on the token endpoint /f5-oauth2/v1/token.
If the header is not applied, they see an error: XMLHttpRequest cannot load https://oauth.mydomain.de/f5-oauth2/v1/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app.mydomain.de' is therefore not allowed access.
I tried to add the header in HTTP_RESPONSE, but this seems not to be applied to the traffic. My workaround is to have a layered VS that applies the header and forwards to the APM VS.
Is there a more elegant solution for that?
when HTTP_REQUEST {
    unset -nocomplain cors_origin
    # Anchored match on the whole Origin value: a substring test would also
    # accept origins such as https://mydomain.de.example.net
    if { [HTTP::header "Origin"] matches_regex {^https://([a-z0-9-]+\.)*mydomain\.de(:[0-9]+)?$} } {
        set cors_origin [HTTP::header "Origin"]
        log local0. "CORS Origin seen: $cors_origin"
    }
}
when HTTP_RESPONSE {
    # CORS GET/POST response - check cors_origin variable set in request
    if { [info exists cors_origin] } {
        HTTP::header insert "Access-Control-Allow-Origin" $cors_origin
        log local0. "CORS Header sent: Access-Control-Allow-Origin $cors_origin"
    }
}
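The Origin test in an iRule like the one above decides which sites may read the token response. This added example (not part of the original post, and not F5 code) is plain Tcl for tclsh that compares a substring test with an anchored pattern; the proc names, the https-only rule and the sample origins are assumptions made for illustration.

```tcl
# Added example: plain Tcl, no iRule commands, so it runs in tclsh.
# Assumed allowlist: https origins on mydomain.de and its subdomains.

# Substring test, equivalent to the iRule operator: contains "mydomain.de"
proc origin_contains {origin} {
    return [expr {[string first "mydomain.de" $origin] >= 0}]
}

# Anchored test: scheme, host labels, optional port, and nothing else.
proc origin_allowed {origin} {
    return [regexp {^https://([a-z0-9-]+\.)*mydomain\.de(:[0-9]{1,5})?$} $origin]
}

# Response headers for an allowed origin, as a flat name/value list.
# Vary: Origin stops a cache from replaying a response built for one
# origin to a request from another. Empty list means: add nothing.
proc cors_headers {origin} {
    if {![origin_allowed $origin]} {
        return {}
    }
    return [list Access-Control-Allow-Origin $origin Vary Origin]
}

# Constructed Origin values, not taken from any real traffic.
set samples {
    https://app.mydomain.de
    https://mydomain.de
    https://app.mydomain.de:8443
    http://app.mydomain.de
    https://mydomain.de.example.net
    https://notmydomain.de
    null
}

foreach o $samples {
    puts [format "%-34s contains=%d anchored=%d headers={%s}" \
        $o [origin_contains $o] [origin_allowed $o] [cors_headers $o]]
}
```

The substring test accepts every sample except `null`, while the anchored pattern accepts only the first three.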