My Oracle Support Banner

403 Forbidden Error Accessing Apex Application with ORDS 3.0.4 or above Using Chrome: Resource Does Not Support Cross Origin Sharing Requests (Doc ID 2139195.1)

Last updated on AUGUST 18, 2018

Applies to:

Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Cloud Service - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Information in this document applies to any platform.


 While Accessing the Apex Application Over the HTTPS using the Chrome browser, the following error is getting displayed.


This error is not a problem with the ORDS configuration or ORDS settings. ORDS is architected to ensure that configuration steps are done on third party products - load balancers, reverse proxies, webserver, etc., that are forwarding request to ORDS - to ensure that the Origin Request is authorized to access the resource.

To ensure compliance, ORDS verifies the Origen header provided by the browser and confirms it matches the origin from which ORDS is operating.



ORDS is not able to determine the origin of a request itself, it relies on the Application Server (WebLogic, Tomcat, Glassfish) it is running in to provide this information. If the Application Server is fronted by another HTTP server (Apache, OHS, etc) or a load balancer  F5 Networks BIGIP, etc), then the Application Server must be passed the correct information from this front end server as well.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.