How to insert a Cross-Origin Resource Sharing header - allowing access from external domains
Article ID: CTX477708
Description
Describes how to allow CORS by using a rewrite policy to insert the Access-Control-Allow-Origin header into the response from the server, and details its implementation.
What is it?
- Cross-Origin Resource Sharing allows restricted resources (e.g., fonts, JavaScript, etc.) on a web page to be requested from another domain outside the original domain.
- It is a security feature implemented by web browsers that helps prevent malicious websites from accessing sensitive data on other sites, such as user credentials.
- CORS headers on a site can specify which domains are allowed to make requests to its resources.
Instructions
Creating and binding the policy: Use the following commands to create the policy:
- Add rewrite action ac_add_cors insert_http_header Access-Control-Allow-Origin "HTTP.REQ.HEADER(\"Origin\")"
- Add rewrite policy pol_add_CORS HTTP.REQ.HEADER("Origin").EXISTS ac_add_cors
- Bind lb vserver <vserver_name> -policyName pol_add_CORS -priority 100 -gotoPriorityExpression NEXT -type REQUEST
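Note: The policy hits when the 'Origin' header is present in the request. The action inserts the value of that 'Origin' header as the value of the Access-Control-Allow-Origin HTTP header. Because the value is copied from the request, whatever origin a request carries is echoed back as an allowed origin.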
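The following JavaScript is an added example, not Citrix code: it models the header logic of the policy above next to an exact-match allowlist variant and checks which requesting origins each one would allow. The function names, the TRUSTED_ORIGINS set and every origin shown are assumptions constructed for illustration.

```javascript
"use strict";
// Added example (not Citrix code). All names and origins are constructed.

// Model of the article's policy: when an Origin header exists,
// insert Access-Control-Allow-Origin carrying the same value.
function reflectPolicy(reqHeaders) {
  const origin = reqHeaders["origin"];
  if (origin === undefined) return {}; // policy does not hit
  return { "access-control-allow-origin": origin };
}

// Assumed allowlist variant: only exact, pre-approved origins are echoed.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://portal.example.com",
]);

function allowlistPolicy(reqHeaders) {
  const origin = reqHeaders["origin"];
  if (origin === undefined || !TRUSTED_ORIGINS.has(origin)) return {};
  return {
    "access-control-allow-origin": origin,
    // The response now differs per Origin, so caches must key on it.
    "vary": "Origin",
  };
}

// Constructed probe origins for a configuration check.
const PROBES = [
  "https://app.example.com",                // trusted
  "https://unrelated.test",                 // not trusted
  "https://app.example.com.lookalike.test", // suffix look-alike
  "null",                                   // opaque origin (sandboxed iframe, file:)
];

// Returns the probe origins that a policy would grant access to.
function grantedOrigins(policy, probes) {
  return probes.filter(
    (o) => policy({ origin: o })["access-control-allow-origin"] === o
  );
}

function main() {
  console.log("reflect  :", grantedOrigins(reflectPolicy, PROBES));
  console.log("allowlist:", grantedOrigins(allowlistPolicy, PROBES));
}
main();
```

The reflecting model grants all four probe origins, while the allowlist model grants only the exact trusted match.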
Environment
Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.
Issue/Introduction
How to allow CORS by inserting the Access-Control-Allow-Origin header with a rewrite policy, to allow access from external domains.
Additional Information
For more information on CORS: