Forum Discussion

Mohanad_313515's avatar
Mohanad_313515
Icon for Nimbostratus rankNimbostratus
Jan 20, 2019

Strip HTTP Origin header based on its value before hit the ASM

Hi Everyone

Our app using CORS, and it's working normally with correct origin headers:

Origin:  "://"  [ ":"  ]

But also all mobile clients sending Origin header with value 'file://' this causes (Illegal cross-origin request)

POST /xxx/yyy HTTP/1.1
Host: ddd:8001
Connection: keep-alive
Content-Length: 2
Accept: application/json, text/plain, */*
Origin: file://

i want to add iRule to Strip this header

Origin: file://
before hit the ASM and allow normal Origin headers like:
Origin: https://xyz.com:8080
Origin: https://xyz.com:8090

  • Hi Mohanad,

    use the iRule below to remove every

    Origin
    header that
    starts_with
    the string
    file://
    .

    when HTTP_REQUEST {
        if { [HTTP::header value "Origin"] starts_with "file://" } then {
            HTTP::header remove "Origin"
        }
    }
    

    Cheers, Kai