2 Replies Latest reply on Aug 8, 2017 12:35 AM by avaidya RSS
    avaidya Newbie

    TW REST API support for http OPTIONS request from browser during Cross-origin resource sharing

    Hi,

    We have developed TW REST API service(s) for consumption by external web application.

    These APIs work fine when tested with Postman.Same API fails When tested from external web application.

    We found that first OPTIONS request is sent to TW server (instead of POST), as below, to which TW server returns 401 or 403 status.

    What is the solution for this in TW?

     

    Request

    OPTIONS /Thingworx/Things/TnT.MobilityControllerThing/Services/VerifyLogin HTTP/1.1

    Accept: */*

    Origin: http://localhost:8080

    Access-Control-Request-Method: POST

    Access-Control-Request-Headers: content-type, accept, authorization

    Accept-Encoding: gzip, deflate

    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393

     

    Response

    HTTP/1.1 403 Forbidden

    Server: Apache-Coyote/1.1

    X-Content-Type-Options: nosniff

    X-XSS-Protection: 1; mode=block

    Content-Security-Policy: frame-ancestors 'self'

    X-Frame-Options: SAMEORIGIN

    Content-Type: text/plain

    Content-Length: 0

    Date: Fri, 04 Aug 2017 15:41:22 GMT