CORS Multi-origin configuration

0

With all the latest enhancements to CORS enforcement, I am seeing a need now to apply CORS support for multiple origins. Unfortunately you cannot simply add multiple domains to the allowed origins header as that breaks the rules. There are a few variations to support this using .HTACCESS configs and others, however I like to manage everything on the LB. Here in lies my issue. I can easily add the header using the Content Rules, however setting that header header based on different origins is where I'm having trouble. Here's what I thought may work, hopefully someone has some insight here.

- First I setup a Content Rule, one for each origin domain. The first rule (setting the flag) runs in the VS, the second rule applied to the sub-vs sets the header. Here's the setup for the first rule

rule type: content matching

match type regular expression

header field: origin

match strong: /^www.domain.com.*/

ignore case checked

set flag if match: flag1

From there I have a second rule that adds the header with Access-Control-Allow-Origin -> https://www.domain.com if Flag1 is set.

If I only use the Add Header Rule, it works fine, however if I add the dependency to the flag it does not. 

 

Any suggestion are appreciated

 

Grant

0 comments