With all the latest enhancements to CORS enforcement, I am seeing a need now to apply CORS support for multiple origins. Unfortunately you cannot simply add multiple domains to the allowed origins header as that breaks the rules. There are a few variations to support this using .HTACCESS configs and others, however I like to manage everything on the LB. Here in lies my issue. I can easily add the header using the Content Rules, however setting that header header based on different origins is where I'm having trouble. Here's what I thought may work, hopefully someone has some insight here.
- First I setup a Content Rule, one for each origin domain. The first rule (setting the flag) runs in the VS, the second rule applied to the sub-vs sets the header. Here's the setup for the first rule
rule type: content matching
match type regular expression
header field: origin
match strong: /^www.domain.com.*/
ignore case checked
set flag if match: flag1
From there I have a second rule that adds the header with Access-Control-Allow-Origin -> https://www.domain.com if Flag1 is set.
If I only use the Add Header Rule, it works fine, however if I add the dependency to the flag it does not.
Any suggestion are appreciated