"Resolve 403 Forbidden Error" When Trying To Access The Apex Application Configured with ORDS 3.0.4 Or Higher Using the Google Chrome Browser
Last updated on DECEMBER 22, 2017
Applies to:Oracle REST Data Services - Version 3.0.4 and later
Oracle Application Express (formerly HTML DB) - Version 4.2.6 and later
Information in this document applies to any platform.
While Accessing the Apex Application Over the HTTPS using the Chrome browser, the following error is getting displayed.
This error is not a problem with the ORDS configuration or ORDS settings. ORDS is architected to ensure that configuration steps are done on third party products - load balancers, reverse proxies, webserver, etc., that are forwarding request to ORDS - to ensure that the Origin Request is authorized to access the resource.
To ensure compliance, ORDS verifies the Origen header provided by the browser and confirms it matches the origin from which ORDS is operating.
ORDS is not able to determine the origin of a request itself, it relies on the Application Server (WebLogic, Tomcat, Glassfish) it is running in to provide this information. If the Application Server is fronted by another HTTP server (Apache, OHS, etc) or a load balancer F5 Networks BIGIP, etc), then the Application Server must be passed the correct information from this front end server as well.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms