Access-Control-Allow-Origin

Question

Hi,&nbsp;
When I opening same web page  - on the developer mode (Chrom) I see below errors:&nbsp;
&nbsp;
And some option in the website does not working well.&nbsp;
When I disabling the ASM profile - I dont see those errors, and wesite working well&nbsp;
Does anyone knows what the issue above means ?&nbsp;
Thank you.&nbsp;

samstep · Answer

Proactive Bot Defense feature blocks CORS requests even for legitimate users. CORS requests are blocked because browsers typically do not include the required cookies when allowing cross-domain requests to prevent session riding attacks by attackers trying to access live sessions and sensitive data from other domains.&nbsp;
Therefore, if you enable Proactive Bot Defense and your web site uses CORS, you should add the CORS URLs to the proactive bot URL whitelist. Those URLs will not be defended from bots proactively, but they will not be blocked, and will still be protected by other enabled DoS detections and mitigations.&nbsp;
In your case it looks like your app is using a Live Chat app called "tawk.to" which needs to be whitelisted in Proactive Bot Defense URL whitelist.&nbsp;
Hope this helps,&nbsp;
Sam&nbsp;

Forum Discussion

Access-Control-Allow-Origin

1 Reply

Recent Discussions

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

no available managed rule groups for Israel il-central-1

Related Content

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

Access-control-allow-origin changing according domains

Access-Control-Allow-Origin on F5

iControlREST Access-Control-Allow-Origin Response Header

Access-Control-Allow-Origin iRule Strange Error