Hello Team,

When we set "Origin" value in request Headers, receive same Origin value in "Access-Control-Allow -Origin" response headers for "404 and 405" error code which is vulnerable. We need to set value for "Access-Control-Allow -Origin" in response Headers.

We have set value in DataPower which is reflect for "200,401,500" error/success codes, but for "404 and 405" error code it respond back as value set in requestHeaders or "*".

As observed in logs, We have not received any logs for "404 and 405" error code  in Analytics logs, only received hits in DataPower server.

Please suggest how to set "Access-Control-Allow -Origin" value in DataPower for "404 & 405" error code.

404: Requested URI Path not Found

405: Method type Not allowed

Jyoti,

I'm so sorry I missed this back when posted.  Have you resolved this issue?

Hello Team,

When we set "Origin" value in request Headers, receive same Origin value in "Access-Control-Allow -Origin" response headers for "404 and 405" error code which is vulnerable. We need to set value for "Access-Control-Allow -Origin" in response Headers.

We have set value in DataPower which is reflect for "200,401,500" error/success codes, but for "404 and 405" error code it respond back as value set in requestHeaders or "*".

As observed in logs, We have not received any logs for "404 and 405" error code  in Analytics logs, only received hits in DataPower server.

Please suggest how to set "Access-Control-Allow -Origin" value in DataPower for "404 & 405" error code.

404: Requested URI Path not Found

405: Method type Not allowed

Hello Joseph,

No yet, please help on solution for same issue. We need to set "Access-Control-Allow -Origin" for "429- Rate limit" error code as well.

Thank you in advance.

Jyoti,

I'm so sorry I missed this back when posted.  Have you resolved this issue?

Hello Team,

When we set "Origin" value in request Headers, receive same Origin value in "Access-Control-Allow -Origin" response headers for "404 and 405" error code which is vulnerable. We need to set value for "Access-Control-Allow -Origin" in response Headers.

We have set value in DataPower which is reflect for "200,401,500" error/success codes, but for "404 and 405" error code it respond back as value set in requestHeaders or "*".

As observed in logs, We have not received any logs for "404 and 405" error code  in Analytics logs, only received hits in DataPower server.

Please suggest how to set "Access-Control-Allow -Origin" value in DataPower for "404 & 405" error code.

404: Requested URI Path not Found

405: Method type Not allowed