Hi there,
The problem is next:
When I associate WAF with ALB I received an error in the browser console:
The request has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Without WAF everything is ok.
WAF ACL rule:
{
"Name": "HEADER-VERIFICATION",
"Priority": 0,
"Action": {
"Allow": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "MyCustmomHeaderRule"
},
"Statement": {
"ByteMatchStatement": {
"FieldToMatch": {
"SingleHeader": {
"Name": "my_custom_header"
}
},
"PositionalConstraint": "EXACTLY",
"SearchString": "my_serching_string",
"TextTransformations": [
{
"Type": "NONE",
"Priority": 0
}
]
}
}
}
