CORS Enforcement on ASM

Question

Hello, has anyone had success enforcing CORS through ASM. I have enabled and and allowed a wildcard for origins (for testing only), but I'm still unsuccessful seeing the headers replaced when I run a test. I get the following from google developer tools when fetching from my test site:&nbsp;
Access-Control-Allow-Origin' header is present on the requested resource.&nbsp;
Thanks,
Nick&nbsp;

erik_novak · Answer

For Enforcement Mode, are you using "Enforce on ASM", "Remove all CORS Headers", or "Replace CORS Headers"? The idea is that ASM will compare the Origin header to the list of host names in your policy and the allowed origins for the respective URL (or wildcard in your case.)

Forum Discussion

CORS Enforcement on ASM

1 Reply

Recent Discussions

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

Related Content

CORS implementation

Enforcing CORS With LineRate

BoT Defense Profile, Signature Enforcement

ASM Transparent mode blocking CORS requests

Enforce RFC Compliance option in http profile