Chrome returns a CORS Exception making calls to Windchill REST
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Chrome returns a CORS Exception making calls to Windchill REST
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://[URL]/Windchill/servlet/odata/v4/QMS/Quality. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401
That's the exception I get for making calls from Chrome or Firefox. Using postman the call works fine but chrome and firefox do a prefetch request using an OPTIONS header and it seems like Windchill isn't responding properly to that request. By default options shouldn't have an authentication header and Windchill shouldn't require one. But it seems Windchill is requiring it.
I've updated the web.xml file inside Windchill/codebase/WEB-INF/web.xml with the following but Im not sure if any of my changes are being reflected. :
<filter>
<filter-name>ContentCorsOptionsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[SERVER URL]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.request.decorate</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentCorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[Server URLS]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,ORIGINS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.request.decorate</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>ALLOW-FROM</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>[Server URLS]</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentCorsOptionsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
<url-pattern>/servlet/odata/*</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
</filter-mapping>
- Labels:
-
REST Services
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Hi,
Could the next article help?
Link - "How to configure Windchill to allow "Cross Origin Resource Sharing (CORS) Requests"": https://www.ptc.com/en/support/article/CS318829