Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


SonicOS 7 and CORS (cross origin resource sharing)

In the office, we have troubles with website Kaart | Geldmaat Locatiewijzer

It shows up partially, no ability to look up locations. At home it works fine. So it's probably something with the TZ470 we have. It doesn't show any errors or warnings. Using the Developer Tools in Edge shows what's the problem:

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

It seems like the firewall is stripping the HTML header? Is there any way to resolve this?

Category: Mid Range Firewalls

Best Answer

  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭
    edited February 2023 Answer ✓

    @Simon_Weel I have not seen this before but did you tried to exclude an endpoint from the security services, this would give you a clear view if it's related to that and start from here. Without security services the chances are nil that the TZ is interfering.

    It might be also related to some kind of Endpoint Security, countercheck would be to use an endpoint without it.

    Everything beyond that would need more digging.

    I could reproduce this error by enabling DPI-SSL, even without disabled Security Services
    on LAN and WAN.




  • Options
    Simon_WeelSimon_Weel Enthusiast ✭✭

    Ok, disabling DPI-SSL indeed makes the site working. Now the question is, what URL do I need to exclude (I guess and for which do I need to exclude it?

    Adding the aforementioned site as exclusion to DPI-SSL doesn't do the trick....

  • Options
    Simon_WeelSimon_Weel Enthusiast ✭✭

    Spoke too soon - it did work after some time.

  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    @Simon_Weel when fiddling with DPI-SSL it's always advisable to completely close any browser instance. This kind of exclusion only makes sense if the destination is static.

    Figuring this stuff out is one of the downsides of DPI-SSL.


Sign In or Register to comment.