Bug ID 436232: Portal Access provides basic support of CORS for AJAX requests

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Fixed In:
11.6.0

Opened: Nov 01, 2013

Severity: 3-Major

Symptoms

The Cross-Origin Resource Sharing (CORS) mechanism allows servers to control access to the data obtained by AJAX requests. A server may add an 'Access-Control-Allow-Origin' header to any AJAX response and list the websites that may use this data. With Portal Access, this mechanism works incorrectly because the client browser communicates with only one site, the Portal Access virtual server, but the real back end does not know about this. Hence, if the 'Access-Control-Allow-Origin' header contains any specific website, the client browser suppresses access to this AJAX data.

Impact

The web application may not work correctly.

Conditions

- HTTP AJAX request via Portal Access
- Response with 'Access-Control-Allow-Origin' header with any value except for '*'
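
The origin comparison behind the Symptoms and Conditions above, as an added example (not F5 code): a simplified model of the browser's 'Access-Control-Allow-Origin' check for a request without preflight. The host names, the `/rewritten/` path and the function names are constructed assumptions.

```javascript
// Added illustration: simplified model of the browser-side CORS check.
// All host names and paths are constructed placeholders, not F5 values.

// Serialized origin (scheme://host[:port]) of the page issuing the AJAX request.
function originOf(pageUrl) {
  return new URL(pageUrl).origin;
}

// Returns true when the browser would expose the response body to the script.
function corsAllows(pageUrl, responseHeaders, withCredentials = false) {
  // Header names are case-insensitive, so normalize them first.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = value;
  }
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return false;          // no header: blocked
  if (acao === '*') return !withCredentials;     // wildcard: only without credentials
  if (acao !== originOf(pageUrl)) return false;  // must match the page origin exactly
  if (withCredentials) {
    return headers['access-control-allow-credentials'] === 'true';
  }
  return true;
}

// The same application page, reached directly and through the portal.
const BACKEND_PAGE = 'https://app.internal.example/dashboard';
const PORTAL_PAGE = 'https://portal.example/rewritten/dashboard';

function scenarios() {
  // The back end only knows its own site name, so that is what it allows.
  const specific = { 'Access-Control-Allow-Origin': 'https://app.internal.example' };
  const wildcard = { 'Access-Control-Allow-Origin': '*' };
  return {
    direct: corsAllows(BACKEND_PAGE, specific),            // origins match
    viaPortal: corsAllows(PORTAL_PAGE, specific),          // browser sees the portal origin
    viaPortalWildcard: corsAllows(PORTAL_PAGE, wildcard),  // '*' is unaffected
  };
}

console.log(scenarios());
```
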

Workaround

None

Fix Information

Portal Access now supports basic CORS functionality: AJAX data is made available or unavailable to the web application according to the 'Access-Control-Allow-Origin' response header.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips