Last Modified: May 07, 2021
See more info
Known Affected Versions:
15.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 15.1.1, 15.1.2, 188.8.131.52, 15.1.3
Opened: Oct 07, 2020
When using Single Page Application, if a CORS request is sent without an Origin, the "Access-Control-Allowed-Origin" header is not set and the request is blocked.
Request is blocked.
-- ASM policy / DoS (with application) profile / Bot Defense Profile are attached to VS, with a "Single Page Application" flag enabled. -- Client is using dosl7.allowed_origin option -- CORS Request is sent without an Origin header.
Use an iRule to add the Origin header according to the domain in the Referrer header.