cancel
Showing results for 
Search instead for 
Did you mean: 

How to modify Access-Control-Allow-Headers header

Highlighted

How to modify Access-Control-Allow-Headers header

Hi,

 

As part of CORS process a JavaScript code adds an additinal header to the CORS request (lets call it 'X-Dummy'), which is not on the Access-Control-Allow-Headers list the vTM sends back.

Normally we deal with headers using the standard get. and set. functions but in this case this doesn't work. My suspicion is the vTM completly ignores the OPTIONS method requests and treats them as a prelude to real GET request (which never comes).

 

Is there a specific function I need to use in order to get the OPTIONS request traffic captured (and modified)?

 

Best regards,

Dan

1 REPLY
New Contributor

Re: How to modify Access-Control-Allow-Headers header

Hi, 

 

Would you be able to provide a little more detail in what you are trying to do?  

 

Is it that your JavaScript is adding Access-Control-Request-Headers to an OPTIONS request and you want vTM to add an Access-Control-Allow-Headers containing that header to it's response?  i.e.

 

Browser--> OPTIONS (w/ header Access-Control-Request-Headers: X-Dummy) -->  vTM

vTM --> RESPONSE  Access-Control-Allow-Headers:  X-Dummy

 

Not sure if that's what you had in mind but I tested doing the above and using the OPTIONS method on a VTM.  I was able to get vTM to take the value of the Access-Control-Request-Headers in a request and insert that into an Access-Control-Allow-Headers header in the response.  I used 2 rules to accomplish this, one Request rule and one Response rule:

 

Request rule:  check_CORS_header

$cors_header = http.getHeader ( "Access-Control-Request-Headers" );

if ( $cors_header != "" ) {
   connection.data.set ( "CORS_Header_Exists" , $cors_header );
   }
​

Reponse rule:  add_CORS_header

$cors_header_to_add = connection.data.get ("CORS_Header_Exists");

if ( $cors_header_to_add != "" ){
   http.setResponseHeader( "Access-Control-Allow-Headers", $cors_header_to_add );
   }
​

I tested this using the Advanced Rest Client Chrome app and it seems to work, even when using the OPTIONS method:

 

Capture.JPG

 

Again, not sure if this is what you had in mind.  FYI the interesting piece is how you can use connection.data.set and connection.data.get to send information from a request rule to a response rule.

 

Cheers,

Joe