How to resolve the issue where an OPTIONS call is rejected with HTTP 403?

Article ID: KB0084396

Products Versions
TIBCO API Exchange -
Not Applicable -

Description

A pre-flight OPTIONS call is rejected by the CORS filter with an "HTTP 403 Forbidden" response.

Resolution

To resolve this issue, make a note of all the headers being passed in the OPTIONS call and add them to the CORS filter's "allowed.headers" property.

Example:
------------
A request with the following headers is rejected:
.........
Request Headers

    Accept: */*
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: en-US,en;q=0.8,cs;q=0.6,hi;q=0.4
    Access-Control-Request-Headers: accept, apikey, content-type, publickey, userid
    Access-Control-Request-Method: GET
    Connection: keep-alive
    Host: dev-api.company.com
    Origin: http://enable-cors.org
    Referer: http://enable-cors.org/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
.........

To resolve, add these values (publickey and userid, as they are being passed in the pre-flight OPTIONS request) to the allowed headers.

Example:


 <property name="be.http.filter.cors.param.cors.allowed.headers" value="publickey, userid, Origin, Accept, apikey, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers"/>
------------
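
To find which header names still need to be added, the following added example (not TIBCO code) compares the Access-Control-Request-Headers of a captured pre-flight with the configured allowed.headers value. It assumes header names are matched case-insensitively, and the "before" property value is constructed here as the article's fixed value without publickey and userid.

```python
import xml.etree.ElementTree as ET

PROP = "be.http.filter.cors.param.cors.allowed.headers"
COMMON = ("Origin, Accept, apikey, X-Requested-With, Content-Type, "
          "Access-Control-Request-Method, Access-Control-Request-Headers")
# Constructed "before" value: the article's fixed list without publickey and userid.
BEFORE = f'<property name="{PROP}" value="{COMMON}"/>'
# The property as given in the article after the fix.
AFTER = f'<property name="{PROP}" value="publickey, userid, {COMMON}"/>'

# CORS-relevant headers of the rejected pre-flight shown in the article.
PREFLIGHT = """\
Host: dev-api.company.com
Origin: http://enable-cors.org
Access-Control-Request-Method: GET
Access-Control-Request-Headers: accept, apikey, content-type, publickey, userid
"""

def split_names(value):
    """Split a comma-separated header list into lower-cased names."""
    return [n.strip().lower() for n in value.split(",") if n.strip()]

def requested_headers(raw_headers):
    """Names the browser announced in Access-Control-Request-Headers."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "access-control-request-headers":
            return split_names(value)
    return []

def allowed_headers(property_xml):
    """Names configured in the filter's allowed.headers property."""
    elem = ET.fromstring(property_xml)
    if elem.get("name") != PROP:
        raise ValueError("not the CORS allowed.headers property")
    return split_names(elem.get("value", ""))

def missing_headers(raw_headers, property_xml):
    """Requested names absent from the allow-list (assumed case-insensitive match)."""
    allowed = set(allowed_headers(property_xml))
    return [h for h in requested_headers(raw_headers) if h not in allowed]

if __name__ == "__main__":
    print("missing before fix:", missing_headers(PREFLIGHT, BEFORE))
    print("missing after fix: ", missing_headers(PREFLIGHT, AFTER))
```

Adding only the reported names keeps the allow-list limited to headers that clients actually send.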

Additional Information

Information about CORS is available in the documentation at:
Home >> User's Guide >> Appendix A >> Configuration Tasks >> Enabling Cross-Origin Resource Sharing(CORS) Filter Properties