Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
14.1.0, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 14.1.2, 22.214.171.124, 126.96.36.199
Opened: Feb 12, 2019
When enabling Single Page Application (SPA) option in ASM, cross origin AJAX requests are resulting in the following error in the browser console, and site application might not work: Access to XMLHttpRequest at 'https://x.com' from origin 'https://www.y.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
App does not work as expected.
-- ASM with SPA enabled -- App is sending cross-origin requests
Using an iRule, add the following headers to the response: -- Access-Control-Allow-Origin with originating domain. -- Access-Control-Allow-Credentials: true.
This release adds the relevant CORS fields to responses.