Community Tip - Learn all about the Community Ranking System, a fun gamification element of the PTC Community. X
Hi,
We have developed TW REST API service(s) for consumption by external web application.
These APIs work fine when tested with Postman.Same API fails When tested from external web application.
We found that first OPTIONS request is sent to TW server (instead of POST), as below, to which TW server returns 401 or 403 status.
What is the solution for this in TW?
Request
OPTIONS /Thingworx/Things/TnT.MobilityControllerThing/Services/VerifyLogin HTTP/1.1
Accept: */*
Origin: http://localhost:8080
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept, authorization
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
Response
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain
Content-Length: 0
Date: Fri, 04 Aug 2017 15:41:22 GMT
Hello, Aniruddha Vaidya.
The error you're seeing:
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Looks related to the 'Allowing Embedded Mashups in iFrames' topic in the ThngWorx Help Center. See
for further information. Check that your Content Security Policy configuration matches what you're trying to do.
-- Craig A.
Hi Craig,
Thanks for reply, The above link did not help much.
My TW REST API (for service) works with http POST method (from POSTMAN), but when tested from html page (via java script) in chrome, it sends pre-flight http OPTIONS (as mentioned above) method, TW server gives 401/403 error. ( chrome sends OPTIONS voluntarily under CORS condition, programmer does not have any control on the same.)
So question is Does TW server supports http OPTIONS method at all ? If not how to handle this.
As per my understanding TW supports (POST, PUT, DELETE methods only)
Br,
Aniruddha