2 Replies Latest reply on Jan 17, 2018 4:15 PM by avaidya RSS
    avaidya Explorer

    TW REST API support for http OPTIONS request from browser during Cross-origin resource sharing


    We have developed TW REST API service(s) for consumption by external web application.

    These APIs work fine when tested with Postman.Same API fails When tested from external web application.

    We found that first OPTIONS request is sent to TW server (instead of POST), as below, to which TW server returns 401 or 403 status.

    What is the solution for this in TW?



    OPTIONS /Thingworx/Things/TnT.MobilityControllerThing/Services/VerifyLogin HTTP/1.1

    Accept: */*

    Origin: http://localhost:8080

    Access-Control-Request-Method: POST

    Access-Control-Request-Headers: content-type, accept, authorization

    Accept-Encoding: gzip, deflate

    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393



    HTTP/1.1 403 Forbidden

    Server: Apache-Coyote/1.1

    X-Content-Type-Options: nosniff

    X-XSS-Protection: 1; mode=block

    Content-Security-Policy: frame-ancestors 'self'

    X-Frame-Options: SAMEORIGIN

    Content-Type: text/plain

    Content-Length: 0

    Date: Fri, 04 Aug 2017 15:41:22 GMT