CS315704 - Requests Utilizing Cross-Origin Resource Sharing (CORS) constantly return a 403 error after upgrading to ThingWorx Platform 8.5

Article - CS315704

Requests Utilizing Cross-Origin Resource Sharing (CORS) constantly return a 403 error after upgrading to ThingWorx Platform 8.5

Modified: 27-Jul-2020

Applies To

ThingWorx Platform 8.5 to 9.0

CORS (Cross-Origin Resource Sharing)

Description

Upgraded and reconfigured CORS but still getting a 403 error
Any call that must pass CORS using the OPTIONS header is failing with a 403 error
New <security-constraint> in web.xml is preventing requests from working correctly
In ThingWorx 8.5 configured CORS per CS229450 and still getting a 403 error
How to call Cross-Origin requests in ThingWorx 8.5
Browser Dev Tools/F12 show the following
- Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <ThingWorx Entity URL>. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing
localhost log located in <Tomcat Home>\logs shows the following on start up:
- <Date Time> SEVERE [main] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/*] only the HTTP methods [OPTIONS] are covered. All other methods are uncovered

This is a printer-friendly version of Article 315704 and may be out of date. For the latest version click CS315704

Knowledge Base Access

Please log-in to:

Read the full content of this article
Discover related content for this topic
Search all of our content sources (Knowledge Base, Help Centers, Community topics..)

Sign In