Dear Apex folks. We are running the above software with SAML2 enabled on Oracle 12.1 RAC database front ended with Oracle httpd server ( the apache 2.2 version). I consistently get a CORSAccessForbiddenException dump using Safari on IOS or Mac OS for any Apex URL initial invocation. The second load of the same URL works fine. No such issues on Firefox or Chrome. I have googled and searched the Oracle forums ad nauseam and tried tweaking the virtual host configs in Oracle apache with all the recommendations (one change at a time). I cannot make the error go away. I need to open a service request but I am not sure what product I should open the request under. If i pick the wrong product the SR will be closed and I will need to open another. Argh! Should the SR be opened under ORDS, Weblogic or Oracle httpd? Appreciated any input. Here is the error in the browser.

Oracle REST Data Services

403 Forbidden

• The request cannot be processed because this resource does not support Cross Origin Sharing requests, or the request Origin is not authorized to access this resource. If ords is being reverse proxied ensure the front end server is propagating the host name, for mod_proxy ensure ProxyPreserveHost is set to On

Debug Trace

Authenticated external principal: {user: DA18047, roles: []} [TE] url-mapping start: 2019-04-26T13:15:06.732Z duration: 1ms Mapped request to mapping: |apex|| did not authenticate request mapped request using: /*:PL/SQL to: |apex|| Choosing: oracle.dbtools.apex.ModApex as current candidate with score: PLSQLDispatchScore [TE] GET /pls/f?p=1118:6 start: 2019-04-26T13:15:06.732Z duration: 9ms

Stack Trace

CORSAccessForbiddenException [statusCode=403, reasons=[The request cannot be processed because this resource does not support Cross Origin Sharing requests, or the request Origin is not authorized to access this resource. If ords is being reverse proxied ensure the front end server is propagating the host name, for mod_proxy ensure ProxyPreserveHost is set to On]] at oracle.dbtools.http.cors.CrossOriginRequests.validateRequest(CrossOriginRequests.java:75) at oracle.dbtools.http.cors.CORSDispatchHook.before(CORSDispatchHook.java:38) at oracle.dbtools.http.dispatch.hooks.DispatchHookChain.before(DispatchHookChain.java:30) at oracle.dbtools.http.dispatch.hooks.DispatchHooks.before(DispatchHooks.java:34) at oracle.dbtools.http.entrypoint.Dispatcher.dispatch(Dispatcher.java:121) at oracle.dbtools.http.entrypoint.EntryPoint$FilteredServlet.service(EntryPoint.java:239) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:73) at oracle.dbtools.http.forwarding.QueryFilteringRewrite.doFilter(QueryFilteringRewrite.java:90) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.forwarding.ForwardingFilter.doFilter(ForwardingFilter.java:68) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.cors.CORSPreflightFilter.doFilter(CORSPreflightFilter.java:66) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.cookies.auth.CookieSessionCSRFFilter.doFilter(CookieSessionCSRFFilter.java:75) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.auth.AuthenticationFilter.authenticate(AuthenticationFilter.java:87) at oracle.dbtools.http.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:62) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.url.mapping.RequestMapperImpl.doFilter(RequestMapperImpl.java:158) at oracle.dbtools.url.mapping.URLMappingBase.doFilter(URLMappingBase.java:103) at oracle.dbtools.url.mapping.filter.URLMappingFilter.doFilter(URLMappingFilter.java:124) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.auth.external.ExternalSessionFilter.doFilter(ExternalSessionFilter.java:59) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.cors.CORSResponseFilter.doFilter(CORSResponseFilter.java:83) at oracle.dbtools.http.filters.HttpResponseFilter.doFilter(HttpResponseFilter.java:45) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.errors.ErrorPageFilter.doFilter(ErrorPageFilter.java:85) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.secure.ForceHttpsFilter.doFilter(ForceHttpsFilter.java:72) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.auth.ForceAuthFilter.doFilter(ForceAuthFilter.java:44) at oracle.dbtools.http.filters.HttpFilter.doFilter(HttpFilter.java:47) at oracle.dbtools.http.filters.FilterChainImpl.doFilter(FilterChainImpl.java:64) at oracle.dbtools.http.filters.Filters.filter(Filters.java:65) at oracle.dbtools.http.entrypoint.EntryPoint.service(EntryPoint.java:81) at oracle.dbtools.http.entrypoint.EntryPointServlet.service(EntryPointServlet.java:49) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at oracle.dbtools.rt.web.HttpEndpointBase.dispatchableServices(HttpEndpointBase.java:113) at oracle.dbtools.rt.web.HttpEndpointBase.service(HttpEndpointBase.java:80) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:247) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3697) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3667) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326) at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197) at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203) at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71) at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2443) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2291) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2269) at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1703) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1663) at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272) at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352) at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337) at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57) at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41) at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:644) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:415) at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)

• About Oracle

• Contact Us

• Legal Notices

• Terms Of Use

• Your Privacy Rights

Copyright © 2014, 2017 Oracle and/or its affiliates All rights reserved.