Forum Discussion
Thomas_________
Nimbostratus
Nobody has ever even tried this feature?
Ivan_Chernenkii
Sep 01, 2020Employee
Hello Thomas,
Please take a look at https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/17.html
"Enforce on ASM" should trigger "Illegal cross-origin request" violation if origin in request is not defined as allowed. It shouldn't remove or modify any response headers.
"Replace CORS headers" should replace response headers with values defined in configuration of URL. Pay attention, that to make it work you must get preflight CORS request at first.
If it doesn't help, then please share config of your CORS URLs and CORS traffic (requests/responses) incl. preflight request.
Thanks, Ivan