cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

Chrome returns a CORS Exception making calls to Windchill REST

NN_9148331
4-Participant

Chrome returns a CORS Exception making calls to Windchill REST

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://[URL]/Windchill/servlet/odata/v4/QMS/Quality. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401

 

That's the exception I get for making calls from Chrome or Firefox. Using postman the call works fine but chrome and firefox do a prefetch request using an OPTIONS header and it seems like Windchill isn't responding properly to that request. By default options shouldn't have an authentication header and Windchill shouldn't require one. But it seems Windchill is requiring it.

I've updated the web.xml file inside Windchill/codebase/WEB-INF/web.xml with the following but Im not sure if any of my changes are being reflected. :

 

 

 

 

 

<filter>
	<filter-name>ContentCorsOptionsFilter</filter-name>
	<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
	<init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>[SERVER URL]</param-value>
	</init-param>
	<init-param>
		<param-name>cors.support.credentials</param-name>
		<param-value>false</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.methods</param-name>
		<param-value>OPTIONS</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.headers</param-name>
		<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
	</init-param>
	<init-param>
		<param-name>cors.exposed.headers</param-name>
		<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
	</init-param>
	<init-param>
		<param-name>cors.request.decorate</param-name>
		<param-value>true</param-value>
	</init-param>
  </filter>
  
  
  <filter>
	<filter-name>ContentCorsFilter</filter-name>
	<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
	<init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>[Server URLS]</param-value>
	</init-param>
	<init-param>
		<param-name>cors.support.credentials</param-name>
		<param-value>true</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.methods</param-name>
		<param-value>GET,POST,ORIGINS</param-value>
	</init-param>
	<init-param>
		<param-name>cors.allowed.headers</param-name>
		<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
	</init-param>
	<init-param>
		<param-name>cors.exposed.headers</param-name>
		<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
	</init-param>
	<init-param>
		<param-name>cors.request.decorate</param-name>
		<param-value>true</param-value>
	</init-param>
  </filter>
  
  <filter>
	<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
	<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
	<init-param>
		<param-name>antiClickJackingOption</param-name>
		<param-value>ALLOW-FROM</param-value>
	</init-param>
	<init-param>
      <param-name>antiClickJackingUri</param-name>
      <param-value>[Server URLS]</param-value>
	</init-param>
  </filter>
    
  <filter-mapping>
	<filter-name>ContentCorsFilter</filter-name>
	<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
	<filter-name>ContentCorsOptionsFilter</filter-name>
	<url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
	<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
	<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
	<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
	<url-pattern>/servlet/odata/*</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
	<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
  </filter-mapping>

 

 

 

 

1 REPLY 1

 Hi,

 

Could the next article help?

Link - "How to configure Windchill to allow "Cross Origin Resource Sharing (CORS) Requests"": https://www.ptc.com/en/support/article/CS318829

Top Tags