Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP ASM, Install/Upgrade
Fixed In:
17.1.1, 16.1.5
Opened: Apr 25, 2023 Severity: 3-Major
CORS violation can start appearing after upgrading to 17.1.x.
Requests with HTTPS protocol can get blocked with CORS violation.
1) CORS violation is enabled. 2) CORS configuration is done with port 80 on a particular URL. 3) Request with URL from step 2 which BIG-IP receives, is of HTTPS type.
Change configured CORS port to 443 for URLs that receive HTTPS traffic.
Added a new bd internal variable "cors_default_port_80" which can be used to allow HTTPS traffic with CORS port configured as 80.