"Resolve 403 Forbidden Error" When Trying To Access The Apex Application Configured with ORDS 3.0.4 Or Higher Using the Google Chrome Browser

(Doc ID 2139195.1)

Last updated on DECEMBER 22, 2017

Applies to:

Oracle REST Data Services - Version 3.0.4 and later
Oracle Application Express (formerly HTML DB) - Version 4.2.6 and later
Information in this document applies to any platform.

Symptoms

 While Accessing the Apex Application Over the HTTPS using the Chrome browser, the following error is getting displayed.

 

This error is not a problem with the ORDS configuration or ORDS settings. ORDS is architected to ensure that configuration steps are done on third party products - load balancers, reverse proxies, webserver, etc., that are forwarding request to ORDS - to ensure that the Origin Request is authorized to access the resource.

To ensure compliance, ORDS verifies the Origen header provided by the browser and confirms it matches the origin from which ORDS is operating.

 

Changes

ORDS is not able to determine the origin of a request itself, it relies on the Application Server (WebLogic, Tomcat, Glassfish) it is running in to provide this information. If the Application Server is fronted by another HTTP server (Apache, OHS, etc) or a load balancer  F5 Networks BIGIP, etc), then the Application Server must be passed the correct information from this front end server as well.

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms