Help

Alfresco ECM Core API returns 403

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
zain
Member II
‎24 Apr 2020 1:25 PM

Alfresco ECM Core API returns 403

Hi All,

I'm calling following API using admin credentials from Angular

http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children?skipCount=0&maxItems=100&relativePath=Sites/rtc/documentLibrary/attachments&includeSource=true

but it returns 403 when browser sends OPTIONS request. I've already configured CORS in tomcat's web.xml but still it returns 403. I'm able to authenticate using tickets API.

 

Here are the CORS settings

 

<filter>
		<filter-name>CorsFilter</filter-name>
		<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
		<init-param>
			<param-name>cors.allowed.origins</param-name>
			<param-value>http://localhost:4200,http://localhost:4201,http://localhost,http://127.0.0.1:4200,http://127.0.0.1</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.methods</param-name>
			<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.headers</param-name>
			<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
		</init-param>
		<init-param>
			<param-name>cors.exposed.headers</param-name>
			<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
		</init-param>
		<init-param>
			<param-name>cors.support.credentials</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>cors.preflight.maxage</param-name>
			<param-value>10</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CorsFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 

acs.png

 

Kindly note that Docker container environment is used for ACS deployment

Labels
0 Kudos
Reply
3 Replies
afaust
Master
‎24 Apr 2020 3:01 PM

Re: Alfresco ECM Core API returns 403

Your OPTIONS request is not sending any authentication header with the ticket that I can see. So even though you have authenticated before, this call is again unauthenticated and thus a 403 is expected.

0 Kudos
Reply
jigir_shah
Active Member
‎23 Sep 2020 6:33 AM

Re: Alfresco ECM Core API returns 403

Hi @afaust ,

How to resolve this error? Anything needs to be changed in ADF side? I have similar configuration in my ACS. I have allowed CORS with given filters. Still I'm getting 403 error. When I put cors.allowed.origin=*, I'm able to login. But, with specific IP/host, I'm getting 403.

Can you please let me know how to resolve this?

0 Kudos
Reply
kaynezhang
Advanced
‎24 Sep 2020 9:21 AM

Re: Alfresco ECM Core API returns 403

How did you config IP/Host,you should configure it like following,please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

 

cors.allowed.origins

A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg: https://www.w3.org, https://www.apache.org. Defaults: The empty String. (No origin is allowed to access the resource).

Reply
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.