A request with Origin header fails with "HTTP 403 Forbidden".


Article ID: KB0093995


Updated On:

Products Versions
TIBCO API Exchange -
Not Applicable -

Description

Resolution:
When a POST request is sent to API Exchange Gateway (APIX-G) with an Origin header but no Content-Type header, APIX-G returns an "HTTP 403 Forbidden" error. Nothing is logged to the engine log or console output. To resolve this, include the Content-Type header in the CORS POST request. If there is no payload, the GET method can be used instead to avoid the issue. This is a Tomcat requirement, as seen in the code at https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java
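Because the gateway logs nothing for this rejection, it helps to check a captured request before sending it. The following is an added example, not TIBCO or Tomcat code: a simplified Python model of the filter's request-type classification step only (allowed-origin configuration and origin syntax checks are not modelled), using a hypothetical origin `https://app.example.com`.

```python
# Simplified model of the request-type classification step; not Tomcat or TIBCO code.
SIMPLE_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
COMPLEX_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def classify(method, headers):
    """Return the CORS request type for a request given as method + header dict."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    origin = h.get("origin")
    if origin is None:
        return "NOT_CORS"            # no Origin header: the CORS checks do not apply
    if not origin.strip():
        return "INVALID_CORS"        # origin checks beyond "empty" are not modelled
    if method in ("GET", "HEAD"):
        return "SIMPLE"              # why GET avoids the issue when there is no payload
    if method == "POST":
        content_type = h.get("content-type")
        if content_type is None:
            return "INVALID_CORS"    # the case in this article: answered with 403
        media_type = content_type.split(";")[0].strip().lower()
        return "SIMPLE" if media_type in SIMPLE_CONTENT_TYPES else "ACTUAL"
    if method == "OPTIONS":
        requested = h.get("access-control-request-method")
        if requested is None:
            return "ACTUAL"
        return "PRE_FLIGHT" if requested.strip() else "INVALID_CORS"
    if method in COMPLEX_METHODS:
        return "ACTUAL"
    return "INVALID_CORS"


def rejected_with_403(method, headers):
    """True when the classification step alone would cause a 403."""
    return classify(method, headers) == "INVALID_CORS"


# Constructed sample requests (hypothetical origin and content types).
SAMPLES = [
    ("POST", {"Origin": "https://app.example.com"}),
    ("POST", {"Origin": "https://app.example.com", "Content-Type": "application/json"}),
    ("GET", {"Origin": "https://app.example.com"}),
    ("POST", {"Content-Type": "application/json"}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        verdict = "403 expected" if rejected_with_403(method, headers) else "passes this check"
        print(f"{method:5} {sorted(headers)} -> {classify(method, headers)} ({verdict})")
```

A request that passes this step can still be refused later, for example when its origin is not in the filter's allowed list.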

Issue/Introduction

A request with Origin header fails with "HTTP 403 Forbidden".

Additional Information

Tomcat's CorsFilter.java
https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java