NimbostratusWe are trying to enable CORS support so that certain headers and their values get sent through the F5 unmolested. We've tried different versions of "persist" and set headers and inserted headers, but it seems that we are just making more of a mess.
Is there some method for enabling CORS and allowing headers to pass through the F5?
CumulonimbusUnder normal traffic flow F5 LTM will not remove any headers unless configured to do so. For CORS you shouldn't need to do anything on the F5 really as long as your backend server configuration is correct.
However, I would say CORS can be difficult to get right so I would confirm that the backend server configuraiton is correct before anything else, test directly bypassing the F5.
Then set the F5 to do no HTTP header manipulation and test see what error messages you are getting on the client and server if things are not working. From that hopefully you can work out if the issue is client or server side.
Check out for a really good explination of how HTTP flow works for CORS: MDN Web Docs: Cross-Origin Resource Sharing (CORS)