Scenario:
You have a jasperserver and visualize.js app using that jasperserver on two different. domains. When you try to connect to that server using your visualize.js application, you get CORS errors and specifically 403 on CORS-related OPTIONS requests for require.config.js and settings.html. domainWhitelist is configured and OPTIONS method is allowed in applicationcContext-security-pro-web.xml allowedMethods property. If you try to cURL the same request, you'll get the same response:
curl -i -X OPTIONS "http://localhost:8080/jasperserver-pro/settings.html" -H 'Access-Control-Request-Method: GET' -H 'Access-Control-Request-Headers: Content-Type, Accept' -H 'Origin: "http://localhost:8080"' HTTP/1.1 403 Cache-Control: private Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="ALL" Set-Cookie: JSESSIONID=ACE2B17125284871856A47448CCE25D9; Path=/jasperserver-pro; HttpOnly X-XSS-Protection: 1; mode=block Set-Cookie: userLocale=en;Expires=Sat, 20-Mar-2021 19:11:33 GMT;Path=/jasperserver-pro/;HttpOnly Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Transfer-Encoding: chunked
What could be the reason for this 403 response on OPTIONS request?
Solution:
Most likely issue for 403 response on OPTIONS request is missing or disabled anonymousUser. Log in as superuser, go to manage -> users screen and check for anonymousUser existence. If you can't find it, create one on the root organization level, call it exactly anonymousUser and give it just ROLE_ANONYMOUS.
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now