Forum Stats

  • 3,750,407 Users
  • 2,250,174 Discussions
  • 7,866,970 Comments

Discussions

403 The request cannot be processed because it failed cross origin request validation

How do I resolve this issue?


When I invoke a REST API GET call from my browser as under, it works.


https://IP_address:8443/ords/paddock/vw_race_date_picker/?q={"race_date":"15-jul-2021"}


I have a custom JavaScript application that gets data using this same Oracle Rest API call, but it does not work and shows the following error in the catalina.out file.



2021-08-23T15:56:51.196Z INFO <zDWhEvZUH-16UPs5zJ-TTg> GET 152.70.117.82 /ords/paddock/vw_race_date_picker/?limit=15 403 The request cannot be processed because it failed cross origin request validation

CORSAccessForbiddenException [statusCode=403, logLevel=INFO, errorCode=ORDS-13002: The request cannot be processed because it failed cross origin request validation Cause: This resource does not support Cross Origin Sharing requests, or the request Origin is not authorized to access this resource. Action: If ords is being reverse proxied ensure the front end server is propagating the host name, scheme and port correctly. If using mod_proxy ensure ProxyPreserveHost is set to On. If using SAML with Oracle APEX, ensure security.externalSessionTrustedOrigins is correctly configured. If using a RESTful Service ensure the Origins Allowed value is correctly configured]


Error Codes

---------------------------------------------------

CORSAccessForbiddenException


This note may be relevant


--- 403 Forbidden Error Accessing Apex Application with ORDS 3.0.4 or above Using Chrome: Resource Does Not Support Cross Origin Sharing Requests ( Doc ID 2139195.1 )


ORDS is not able to determine the origin of a request itself, it relies on the Application Server (WebLogic/Tomcat/Glassfish) it is running in to provide this information. If the Application Server is fronted by another server, eg, an HTTP server (Apache, OHS, etc.) or a load balancer (F5 Networks, BIGIP, etc), then the Application Server must be passed the correct information from the front end server as well.


When the above 403 Forbidden Error occurs it points to a mis-configuration in one of the following:


Load Balancer

HTTP Server

Application Server


This mis-configuration causes incorrect information to be propagated to ORDS causing it to think the Origin of the server is different from it's actual origin.