Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://[URL]/Windchill/servlet/odata/v4/QMS/Quality. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401
That's the exception I get for making calls from Chrome or Firefox. Using postman the call works fine but chrome and firefox do a prefetch request using an OPTIONS header and it seems like Windchill isn't responding properly to that request. By default options shouldn't have an authentication header and Windchill shouldn't require one. But it seems Windchill is requiring it.
I've updated the web.xml file inside Windchill/codebase/WEB-INF/web.xml with the following but Im not sure if any of my changes are being reflected. :
<filter>
<filter-name>ContentCorsOptionsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[SERVER URL]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.request.decorate</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentCorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[Server URLS]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,ORIGINS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.request.decorate</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>ALLOW-FROM</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>[Server URLS]</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentCorsOptionsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentHttpHeaderSecurityFilter</filter-name>
<url-pattern>/servlet/WindchillAuthGW/wt.content.ContentHttp/viewContent/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.master.StandardMasterService/doDirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doDownload/*</url-pattern>
<url-pattern>/servlet/WindchillAuthGW/wt.fv.replica.StandardReplicaService/doIndirectDownload/*</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Master</url-pattern>
<url-pattern>/servlet/WindchillGW/wt.fv.uploadtocache.DoUploadToCache_Server/doUploadToCache_Replica</url-pattern>
<url-pattern>/servlet/odata/*</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/Quality</url-pattern>
<url-pattern>/servlet/odata/v4/QMS/*</url-pattern>
</filter-mapping>
Hi,
Could the next article help?
Link - "How to configure Windchill to allow "Cross Origin Resource Sharing (CORS) Requests"": https://www.ptc.com/en/support/article/CS318829