CORS Request Gives HTTP 500 When Origin is Specified

(Doc ID 2297919.1)

Last updated on SEPTEMBER 19, 2017

Applies to:

Oracle Commerce Cloud Service - Version N/A to N/A
Information in this document applies to any platform.


When issuing a POST to /ccadmin or /ccadminui while specifying an Origin the browser displays a 500 Internal Server Error page. The problem is most likely to occur when using the Postman Chrome application as it includes an Origin header with the chrome extension id on all requests.

What follows is an example of such a problem:

1)Within the postman chrome extension (or any application that includes the Origin Header), provide a request similar to the following

POST http://<OCCInstanceHostname>/ccadmin/v1/login HTTP/1.1
Host: <IP>:<Port>
Connection: keep-alive
Content-Length: 49
Cache-Control: no-cache
Origin: chrome-extension://abcdefghijklmnopqrstuvwxyzabcdef
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
DNT: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
JSESSIONID=<some JSessionID Here>
grant_type=<credentials entered here>

2) Notice that the response is a 500 error, with a message similar to the

The response had HTTP status code 500. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms