Enable CORS/Access-Control-Allow-Origin Header - Zen Load Balancer

Question

A client has a simple Zen Load Balancer (ZLB) setup. One LB, 2 underlying resource servers. There are multiple farms setup, but that is surplus to this scenario.

The front end application server is outside of the ZLB arrangement.

The front end application server is requesting a font file from a CDN resource, of which the origin is set as the ZLB LB IP. The CDN request hits the LB, the LB passes the request, plus headers, to whichever suitable backend resource server.

All simple, but now the client is running into CORS issues. The origin of the front end server is different to that of the CDN resource (the LB). We have set the Access-Control-Allow-Origin headers in the vHosts in Apache on the two backend servers to allow all origins. This has not worked.

I'm now assuming that ZLB is either modifying or stripping the Access-Control-Allow-Origin header set on the backend servers, as the front end server is acting as if the header was never set.

Any ideas on how to forcibly add in the header on ZLB? Or any other methods of getting around this? CORS is fairly new to me, and the Access-Control-Allow-Origin header is also something I've not had to employ the use of before.

Answer 1

Now resolved. ZenLB was not at fault. And did indeed pass the headers on without modifying them.