
CORS Configuration in API Management (403 Forbidden)

Question asked by patrick.knab@ipt.ch on Dec 6, 2016
Latest reply on Mar 23, 2017 by patrick.knab@ipt.ch

We are trying to configure the CORS feature for a service endpoint. Is there a full example somewhere on how to configure and test such a configuration, e.g., for a GET request for JSON with a preceding preflight OPTIONS request and the detailed configuration necessary on Dell Boomi?

 

I try to send an OPTIONS request from SoapUI on the machine where the Boomi Atom is running.

If I send the request without any special HTTP headers I get the following response:

 

HTTP/1.1 200 OK
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Content-Length: 0
Server: Jetty(6.1.26-boomi2)

 

However, if I add an Origin Header, as in the example below, I get a 403 Forbidden. 

 

OPTIONS https://xxx.xxx.xxx.xxxt/ws/rest/services/ping HTTP/1.1
Accept-Encoding: gzip,deflate
Origin: https://test.domain.org
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

 

In the Shared Web Server Configuration I added the Domain with *.domain.org and enabled HTTP as well as HTTPS. 

 

 

Thanks for any input!
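
Added example, not part of the original post and not Boomi's own code: a Python illustration of the preflight a browser sends before a cross-origin GET and of the checks it applies to the reply, following the Fetch standard's rules for a non-credentialed request. The host name api.example.test, the function names and the sample responses are constructed for illustration; PLAIN_200 mirrors the 200 reply quoted in the post.

```python
from urllib.parse import urlsplit

SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # the server never has to list these

def build_preflight(url, origin, method="GET", request_headers=()):
    """Header lines of the OPTIONS preflight a browser sends before `method`."""
    parts = urlsplit(url)
    lines = [f"OPTIONS {parts.path or '/'} HTTP/1.1", f"Host: {parts.netloc}",
             f"Origin: {origin}", f"Access-Control-Request-Method: {method}"]
    if request_headers:
        names = ", ".join(sorted(h.lower() for h in request_headers))
        lines.append(f"Access-Control-Request-Headers: {names}")
    return lines

def parse_head(raw):
    """Split a raw response head into (status code, {lowercased name: value})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def _tokens(value):
    """Comma-separated header value as a set of lowercased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def preflight_allows(raw, origin, method="GET", request_headers=()):
    """Apply the browser's preflight checks (non-credentialed request assumed)."""
    status, h = parse_head(raw)
    if not 200 <= status <= 299:
        return False, f"status {status} is not 2xx"
    if h.get("access-control-allow-origin") not in ("*", origin):
        return False, "Access-Control-Allow-Origin missing or not matching Origin"
    methods = _tokens(h.get("access-control-allow-methods", ""))
    if method.upper() not in SAFELISTED_METHODS and not {"*", method.lower()} & methods:
        return False, f"{method} not in Access-Control-Allow-Methods"
    allowed = _tokens(h.get("access-control-allow-headers", ""))
    missing = [n for n in request_headers if "*" not in allowed and n.lower() not in allowed]
    if missing:
        return False, "headers not allowed: " + ", ".join(missing)
    return True, "preflight passes"

# Constructed samples: the first mirrors the 200 reply quoted in the post, the
# second is a hypothetical reply from a server with CORS enabled for the origin.
PLAIN_200 = "HTTP/1.1 200 OK\nAllow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS\nContent-Length: 0\n"
CORS_200 = ("HTTP/1.1 200 OK\nAccess-Control-Allow-Origin: https://test.domain.org\n"
            "Access-Control-Allow-Methods: GET, OPTIONS\nAccess-Control-Allow-Headers: Content-Type\n")
```

A 200 reply that carries only an Allow header fails the check, because a browser looks for the Access-Control-Allow-* headers and ignores Allow.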
