cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

Chrome returns a CORS Exception making calls to Windchill REST

NN_9148331
4-Participant
4-Participant
‎Jan 28, 2022 12:02 PM
‎Jan 28, 2022 12:02 PM

Chrome returns a CORS Exception making calls to Windchill REST

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://[URL]/Windchill/servlet/odata/v4/QMS/Quality. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401

 

That's the exception I get for making calls from Chrome or Firefox. Using postman the call works fine but chrome and firefox do a prefetch request using an OPTIONS header and it seems like Windchill isn't responding properly to that request. By default options shouldn't have an authentication header and Windchill shouldn't require one. But it seems Windchill is requiring it.

I've updated the web.xml file inside Windchill/codebase/WEB-INF/web.xml with the following but Im not sure if any of my changes are being reflected. :

 

 

 

 

 

<filter>
	<filter-name>ContentCorsOptionsFilter</filter-name>
	<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
	<init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>[SERVER URL]</param-value>
	</init-param>
	<init-param>
		<param-name>cors.support.credentials</param-name>
		<param-value>false</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.methods</param-name>
		<param-value>OPTIONS</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.headers</param-name>
		<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
	</init-param>
	<init-param>
		<param-name>cors.exposed.headers</param-name>
		<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
	</init-param>
	<init-param>
		<param-name>cors.request.decorate</param-name>
		<param-value>true</param-value>
	</init-param>
  </filter>
  
  
  <filter>
	<filter-name>ContentCorsFilter</filter-name>
	<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
	<init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>[Server URLS]</param-value>
	</init-param>
	<init-param>
		<param-name>cors.support.credentials</param-name>
		<param-value>true</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.methods</param-name>
		<param-value>GET,POST,ORIGINS</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.headers</param-name>
		<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
	</init-param>
	<init-param>
		<param-name>cors.exposed.headers</param-name>
		<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
	</init-param>
	<init-param>
		<param-name>cors.request.decorate</param-name>
		<param-value>true</param-value>
	</init-param>
  </filter>
  
  <filter>
	<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
	<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
	<init-param>
		<param-name>antiClickJackingOption</param-name>
		<param-value>ALLOW-FROM</param-value>
	</init-param>
	<init-param>
      <param-name>antiClickJackingUri</param-name>
      <param-value>[Server URLS]</param-value>
	</init-param>
  </filter>
    
  <filter-mapping>
	<filter-name>ContentCorsFilter</filter-name>
	<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
	<filter-name>ContentCorsOptionsFilter</filter-name>
	<url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
	<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
	<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
	<url-pattern>/servlet/odata/*</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
  </filter-mapping>

 

 

 

 

Labels:
0 Kudos
Notify Moderator
1 REPLY 1
VladimirN
24-Ruby II
24-Ruby II
(To:NN_9148331)
‎Jan 29, 2022 02:09 AM
‎Jan 29, 2022 02:09 AM

 Hi,

 

Could the next article help?

Link - "How to configure Windchill to allow "Cross Origin Resource Sharing (CORS) Requests"": https://www.ptc.com/en/support/article/CS318829

0 Kudos
Notify Moderator
Announcements

Contact Community Management
Top Tags