Forum Discussion

Rory_Hewitt_F5_'s avatar
Sep 04, 2015

Problem with doubly-quoted string

This is related to this previous question I asked: https://devcentral.f5.com/questions/adding-cors-response-headers

 

I am now having a separate problem related to a new version of sample code in that thread, which was trying to return CORS headers automatically. Here's the problem fragment:

 

if { ( [HTTP::method] equals "OPTIONS" ) and ( [HTTP::host] contains "example.com"] ) and ( [HTTP::header] exists "Access-Control-Request-Method") } {
    HTTP::respond 200 "Access-Control-Allow-Origin" "[HTTP::header Origin]" "Access-Control-Allow-Methods" "POST, GET, OPTIONS" "Access-Control-Allow-Headers" "[HTTP::header Access-Control-Request-Headers]" "Access-Control-Max-Age" "86400"        
} elseif { ( [HTTP::host] contains "example.com"] ) and ( [HTTP::header] exists "Origin") } {
     CORS GET/POST requests - set cors_origin variable
    set cors_origin [HTTP::header Origin]
}

As you can see, each of the CORS response header names in the second line is enclosed in double-quotes, so the iRule treats them as strings.

 

However, when I try to deploy the iRule that contains this fragment, it fails, and I'm not sure why.

 

Could the problem be this bit:

 

"Access-Control-Allow-Headers" "[HTTP::header Access-Control-Request-Headers]"

Could the iRule think that Access-Control-Request-Headers is not a string? If so, what's the solution? Can I have a string within a string - I'm assumign this isn't valid:

 

"Access-Control-Allow-Headers" "[HTTP::header "Access-Control-Request-Headers"]"
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus

    Change

    HTTP::respond 200 "Access-Control-Allow-Origin" "[HTTP::header Origin]"
    

    to

    HTTP::respond 200 "Access-Control-Allow-Origin" [HTTP::header Origin]
    
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus

    Additionally, change

    "Access-Control-Allow-Headers" "[HTTP::header Access-Control-Request-Headers]"
    

    to

    "Access-Control-Allow-Headers" [HTTP::header "Access-Control-Request-Headers"]