cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

TW REST API support for http OPTIONS request from browser during Cross-origin resource sharing

avaidya1
1-Newbie
1-Newbie
‎Aug 07, 2017 12:20 AM
‎Aug 07, 2017 12:20 AM

TW REST API support for http OPTIONS request from browser during Cross-origin resource sharing

Hi,

We have developed TW REST API service(s) for consumption by external web application.

These APIs work fine when tested with Postman.Same API fails When tested from external web application.

We found that first OPTIONS request is sent to TW server (instead of POST), as below, to which TW server returns 401 or 403 status.

What is the solution for this in TW?

Request

OPTIONS /Thingworx/Things/TnT.MobilityControllerThing/Services/VerifyLogin HTTP/1.1

Accept: */*

Origin: http://localhost:8080

Access-Control-Request-Method: POST

Access-Control-Request-Headers: content-type, accept, authorization

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393

Response

HTTP/1.1 403 Forbidden

Server: Apache-Coyote/1.1

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Security-Policy: frame-ancestors 'self'

X-Frame-Options: SAMEORIGIN

Content-Type: text/plain

Content-Length: 0

Date: Fri, 04 Aug 2017 15:41:22 GMT

Labels:
0 Kudos
Notify Moderator
2 REPLIES 2
CRArko
17-Peridot
17-Peridot
(To:avaidya1)
‎Aug 07, 2017 02:51 PM
‎Aug 07, 2017 02:51 PM

Hello, Aniruddha Vaidya.

The error you're seeing:

HTTP/1.1 403 Forbidden

Server: Apache-Coyote/1.1

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Security-Policy: frame-ancestors 'self'

X-Frame-Options: SAMEORIGIN

Looks related to the 'Allowing Embedded Mashups in iFrames' topic in the ThngWorx Help Center. See

http://support.ptc.com/help//thingworx_hc/thingworx_7_hc/index.html#page/ThingWorx_Core_Help_Center/ThingWorxHelpCenterD…

for further information. Check that your Content Security Policy configuration matches what you're trying to do.

-- Craig A.

0 Kudos
Notify Moderator
avaidya1
1-Newbie
1-Newbie
(To:avaidya1)
‎Aug 08, 2017 12:35 AM
‎Aug 08, 2017 12:35 AM

Hi Craig,

Thanks for reply, The above link did not help much.

My TW REST API (for service) works with http POST method (from POSTMAN), but when tested from html page (via java script) in chrome, it sends pre-flight http OPTIONS (as mentioned above) method, TW server gives 401/403 error. ( chrome sends OPTIONS voluntarily under CORS condition, programmer does not have any control on the same.)

So question is Does TW server supports http OPTIONS method at all ? If not how to handle this.

As per my understanding TW supports (POST, PUT, DELETE methods only)

Br,

Aniruddha

0 Kudos
Notify Moderator
Top Tags