CORS policy: Citrix ADC should add CORS headers to responses to _all_ requests (not only pre-flight)

[enov]

Is your feature request related to a problem? Please describe. To enable CORS on a HTTP endpoint, a service must respond with Access-Control-Allow-* headers to a request to the endpoint, after responding with the same headers and a 200 OK to the pre-flight request for the same endpoint. Currently, the documentation for CORS policy states

Citrix ADC responds with a 200 OK response code for the pre-flight request if the origin is one of the allow_origins

This, it does it beautifully. However, as service developers we expect that the Citrix ADC to take care of the CORS headers of the response to the main endpoint.

Describe the solution you'd like Citrix ADC responds to the pre-flight requests. As a complete API gateway, it should also augment all the responses (not only responses to pre-flight requests) from the same service with required Access-Control-Allow-* CORS headers.

Describe alternatives you've considered Currently we're enabling CORS by setting required CORS headers on the response in the service / application itself.

Additional context If I am missing something, that is, if this feature is already implemented, please advise and forward me to right documentation.

Thank you!