Hi Community,
I'm facing a CORS (cross origin resource sharing) issues with my quite new Apex 5.1.2 installation.
The setup:
- DB Server: Apex 5.1.2, Oracle 12c
- App Server: Apache Tomcat 8, ORDS 3.0.11
- DMZ Server: With installed certificate for https connection to https://mycompany.com, routing the https requests to internal App Server.
- Client: Browser with installed certificate, accessing "https://mycompany.com/apex/f?p=124"
The problem:
When I use Chrome/Firefox as client browser I get 403 HTTP responses from ORDS using POST headers!
...but not using GET headers although they request to the same host.
As i already investigated... The browser sends the "origin" http header in the POST request although there is no reason to do so... ( i guess, i'm not very firm with ords )
because I'm not accessing another host. In these POST requests the origin is "https://mycompany.com". The host is also "mycompany.com".
In Internet Explorer/ Edge the POST request headers don't include the "origin" header. It works fine... no cors header at all in POST or GET.
These headers are set in the javascript files: jquery-2.2.3.min.js?v=5.1.2.00.09:4 and desktop.min.js?v=5.1.2.00.09:14
POST requests like wwv_flow.ajax and wwv_flow.show are affected. As is said, all GET requests work as expected.
Also interesting... this issue didn't occur with Apex 4.2 and ORDS 3.0.4.
So... anyone facing similar problems?
...any suggestions??
Thanks!