My Oracle Support Banner

"Resolve 403 Forbidden Error" When Trying To Access The Apex Application Configured with ORDS 3.0.4 Or Higher Using the Google Chrome Browser (Doc ID 2139195.1)

Last updated on AUGUST 04, 2018

Applies to:

Oracle REST Data Services - Version 3.0.4 and later
Oracle Application Express (APEX) - Version 4.2.6 and later
Information in this document applies to any platform.


 While Accessing the Apex Application Over the HTTPS using the Chrome browser, the following error is getting displayed.


This error is not a problem with the ORDS configuration or ORDS settings. ORDS is architected to ensure that configuration steps are done on third party products - load balancers, reverse proxies, webserver, etc., that are forwarding request to ORDS - to ensure that the Origin Request is authorized to access the resource.

To ensure compliance, ORDS verifies the Origen header provided by the browser and confirms it matches the origin from which ORDS is operating.



ORDS is not able to determine the origin of a request itself, it relies on the Application Server (WebLogic, Tomcat, Glassfish) it is running in to provide this information. If the Application Server is fronted by another HTTP server (Apache, OHS, etc) or a load balancer  F5 Networks BIGIP, etc), then the Application Server must be passed the correct information from this front end server as well.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.