Hello, Aniruddha Vaidya.
The error you're seeing:
HTTP/1.1 403 Forbidden
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Looks related to the 'Allowing Embedded Mashups in iFrames' topic in the ThngWorx Help Center. See
for further information. Check that your Content Security Policy configuration matches what you're trying to do.
-- Craig A.
Thanks for reply, The above link did not help much.
My TW REST API (for service) works with http POST method (from POSTMAN), but when tested from html page (via java script) in chrome, it sends pre-flight http OPTIONS (as mentioned above) method, TW server gives 401/403 error. ( chrome sends OPTIONS voluntarily under CORS condition, programmer does not have any control on the same.)
So question is Does TW server supports http OPTIONS method at all ? If not how to handle this.
As per my understanding TW supports (POST, PUT, DELETE methods only)