HTML5 Cross-Domain Reuest Enforcement not working as expected (13.1.1)
I am confused by the HTML5 Cross-Domain Reuest Enforcement. We have tested all of the modes quite extensively and analyzed the bahaviour.
Mode "Replace CORS headers" actually seems to remove the response headers instead of replacing them. Basically this is the behaviour I would expect with "Enforce on ASM". As it happens, if the mode is changed to "Enforce on ASM" nothing at all happens, the behaviour is identical to the mode being set to "Disabled".
What is happening here and what is wrong? Or is the documentation just wrong here and this is actually the expected (but wierd) behaviour? Googling on the topic gives a few results, all basically reiterating what the manual says. And the manual does not reflect what we are seeing in our tests.
Yes, I have rememebred to "Apply policy" between running the test cases and policy changes when testing the modes.
This is BIG-IP 13.1.1.4 Build 0.0.4 Point Release 4.