Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to modify Access-Control-Allow-Headers header

daniel.osielczak
Not applicable
‎06-03-2017 05:44:AM
‎06-03-2017 05:44:AM

How to modify Access-Control-Allow-Headers header

Hi,

 

As part of CORS process a JavaScript code adds an additinal header to the CORS request (lets call it 'X-Dummy'), which is not on the Access-Control-Allow-Headers list the vTM sends back.

Normally we deal with headers using the standard get. and set. functions but in this case this doesn't work. My suspicion is the vTM completly ignores the OPTIONS method requests and treats them as a prelude to real GET request (which never comes).

 

Is there a specific function I need to use in order to get the OPTIONS request traffic captured (and modified)?

 

Best regards,

Dan

0 Kudos
1 REPLY 1
Joe Poehls
New Contributor
‎06-14-2017 10:38:PM
‎06-14-2017 10:38:PM

Re: How to modify Access-Control-Allow-Headers header

Hi, 

 

Would you be able to provide a little more detail in what you are trying to do?  

 

Is it that your JavaScript is adding Access-Control-Request-Headers to an OPTIONS request and you want vTM to add an Access-Control-Allow-Headers containing that header to it's response?  i.e.

 

Browser--> OPTIONS (w/ header Access-Control-Request-Headers: X-Dummy) -->  vTM

vTM --> RESPONSE  Access-Control-Allow-Headers:  X-Dummy

 

Not sure if that's what you had in mind but I tested doing the above and using the OPTIONS method on a VTM.  I was able to get vTM to take the value of the Access-Control-Request-Headers in a request and insert that into an Access-Control-Allow-Headers header in the response.  I used 2 rules to accomplish this, one Request rule and one Response rule:

 

Request rule:  check_CORS_header

$cors_header = http.getHeader ( "Access-Control-Request-Headers" );

if ( $cors_header != "" ) {
   connection.data.set ( "CORS_Header_Exists" , $cors_header );
   }
​

Reponse rule:  add_CORS_header

$cors_header_to_add = connection.data.get ("CORS_Header_Exists");

if ( $cors_header_to_add != "" ){
   http.setResponseHeader( "Access-Control-Allow-Headers", $cors_header_to_add );
   }
​

I tested this using the Advanced Rest Client Chrome app and it seems to work, even when using the OPTIONS method:

 

Capture.JPG

 

Again, not sure if this is what you had in mind.  FYI the interesting piece is how you can use connection.data.set and connection.data.get to send information from a request rule to a response rule.

 

Cheers,

Joe

 

© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.