Hello everyone
I'm facing a persistent issue with CORS preflight requests not working properly on my NetScaler setup. Here’s a detailed description of my environment and the problem:
Environment Setup:
Two vServers Configured:
HTTP vServer (adc01-lb-vs_test07_http): Configured with a responder policy to redirect HTTP to HTTPS.
HTTPS vServer (adc01-lb-vs_test07_https): Basic authentication is active using the AAA Authentication Virtual Server. The domains https://test07.example.ch and https://ai-test07.example.ch are both protected with Basic Auth and are hosted behind the HTTPS vServer.
CORS Setup:
I have a chatbot setup on the website that tries to access https://test07.example.ch from https://ai-test07.example.ch , and it fails due to CORS issues. I suspect this is because the preflight OPTIONS request does not work as expected due to the AAA authentication.
Issue:
When the browser sends an OPTIONS request to check CORS compatibility, it receives a 401 Unauthorized error instead of acknowledging the CORS headers. This happens because the OPTIONS request is being challenged by the Basic Authentication, which should not be the case as preflight requests should bypass authentication checks.
Steps Taken:
I have tried setting up rewrite and responder policies to handle the OPTIONS requests and correctly add CORS headers before the authentication policies trigger. However, I'm still facing the issue where the OPTIONS request gets a 401 response.
Could anyone suggest how to configure the NetScaler so that the CORS preflight OPTIONS requests are handled properly, i.e., they should pass without requiring authentication and should provide the necessary CORS headers in response? I’m particularly struggling with ensuring that these OPTIONS requests bypass the AAA authentication challenge.
Any advice or guidance would be greatly appreciated as I am unsure what configurations or settings I might be missing to resolve this issue.
Thank you in advance!
Hello everyone I'm facing a persistent issue with CORS preflight requests not working properly on my NetScaler setup. Here’s a detailed description of my environment and the problem: Environment Setup: Two vServers Configured: HTTP vServer (adc01-lb-vs_test07_http): Configured with a responder policy to redirect HTTP to HTTPS. HTTPS vServer (adc01-lb-vs_test07_https): Basic authentication is active using the AAA Authentication Virtual Server. The domains https://test07.example.ch and https://ai-test07.example.ch are both protected with Basic Auth and are hosted behind the HTTPS vServer. CORS Setup: I have a chatbot setup on the website that tries to access https://test07.example.ch from https://ai-test07.example.ch , and it fails due to CORS issues. I suspect this is because the preflight OPTIONS request does not work as expected due to the AAA authentication. Issue: When the browser sends an OPTIONS request to check CORS compatibility, it receives a 401 Unauthorized error instead of acknowledging the CORS headers. This happens because the OPTIONS request is being challenged by the Basic Authentication, which should not be the case as preflight requests should bypass authentication checks. Steps Taken: I have tried setting up rewrite and responder policies to handle the OPTIONS requests and correctly add CORS headers before the authentication policies trigger. However, I'm still facing the issue where the OPTIONS request gets a 401 response. Could anyone suggest how to configure the NetScaler so that the CORS preflight OPTIONS requests are handled properly, i.e., they should pass without requiring authentication and should provide the necessary CORS headers in response? I’m particularly struggling with ensuring that these OPTIONS requests bypass the AAA authentication challenge. Any advice or guidance would be greatly appreciated as I am unsure what configurations or settings I might be missing to resolve this issue. Thank you in advance!