Hi all,
I'm having problems serving Apex from behind a http reverse proxy at a client of us. This is the situation:
Apex 5.1.2 is running on ORDS 3.0.9 on Tomcat 8. In Tomcat, the http listener is listening on port 8080. I can run the apex application without problems.
The applicatie has to be available from the internet via https. With the client, there's a policy to do this via their Netscaler, via a http reverse proxy. When I start the application from the public dns name, I can't login. After login, I see an error: forbidden. When looking at the networking-tab in Chrome, I see the following request has been made:
POST /ords/wwv_flow.accept HTTP/1.1 Host: host.name.nl:9443 Connection: keep-alive Content-Length: 488 Accept: application/json, text/javascript, */*; q=0.01 Origin: https://host.name.nl:9443 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.18 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 DNT: 1 Referer: https://host.name.nl:9443/ords/f?p=140:LOGIN_DESKTOP:13691995182448::::: Accept-Encoding: gzip, deflate, br Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: ORA_WWV_APP_140=ORA_WWV-CFyv03bdfw-OJOu4IkR7SLZd
The body of the request:
p_flow_id:140 p_flow_step_id:101 p_instance:13691995182448 p_debug: p_request:LOGIN p_reload_on_submit:S p_page_submission_id:297565168745705422240276296600008284601 p_json:{"pageItems":{"itemsToSubmit":[{"n":"P101_USERNAME","v":"test"},{"n":"P101_PASSWORD","v":"test"}],"protected":"Wktsx83pjFy2jlM5CN0hhA","rowVersion":""},"salt":"297565168745705422240276296600008284601"}
as a response, I get a 403 error from ORDS with the following text: The request cannot be processed because this resource does not support Cross Origin Sharing requests, or the request Origin is not authorized to access this resource. If ords is being reverse proxied ensure the front end server is propagating the host name, for mod_proxy ensure ProxyPreserveHost is set to On
The person that made the reverse proxy, told me that he ís propagating the host name, but that the problem lies in the fact that the cookie Apex is setting, is not secure (on the cookies tab, there's not a checkmark in the Secure column)
My question is: what is the best way to debug this? What are the settings I have to make in Apex or the network person has to make in the (Netscaler) reverse proxy to make this work?
Regards,
Tom