topic Re: Alfresco ECM Core API returns 403 in Alfresco Forum

Alfresco ECM Core API returns 403

zain — Fri, 24 Apr 2020 12:25:18 GMT

Hi All,

I'm calling following API using admin credentials from Angular

http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children?skipCount=0&maxItems=100&relativePath=Sites/rtc/documentLibrary/attachments&includeSource=true

but it returns 403 when browser sends OPTIONS request. I've already configured CORS in tomcat's web.xml but still it returns 403. I'm able to authenticate using tickets API.

Here are the CORS settings

<filter>
		<filter-name>CorsFilter</filter-name>
		<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
		<init-param>
			<param-name>cors.allowed.origins</param-name>
			<param-value>http://localhost:4200,http://localhost:4201,http://localhost,http://127.0.0.1:4200,http://127.0.0.1</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.methods</param-name>
			<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.headers</param-name>
			<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
		</init-param>
		<init-param>
			<param-name>cors.exposed.headers</param-name>
			<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
		</init-param>
		<init-param>
			<param-name>cors.support.credentials</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>cors.preflight.maxage</param-name>
			<param-value>10</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CorsFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

Kindly note that Docker container environment is used for ACS deployment

Re: Alfresco ECM Core API returns 403

afaust — Fri, 24 Apr 2020 14:01:51 GMT

Your OPTIONS request is not sending any authentication header with the ticket that I can see. So even though you have authenticated before, this call is again unauthenticated and thus a 403 is expected.

Re: Alfresco ECM Core API returns 403

jigir_shah — Wed, 23 Sep 2020 05:33:41 GMT

Hi @afaust ,

How to resolve this error? Anything needs to be changed in ADF side? I have similar configuration in my ACS. I have allowed CORS with given filters. Still I'm getting 403 error. When I put cors.allowed.origin=*, I'm able to login. But, with specific IP/host, I'm getting 403.

Can you please let me know how to resolve this?

Re: Alfresco ECM Core API returns 403

kaynezhang — Thu, 24 Sep 2020 08:21:13 GMT

How did you config IP/Host,you should configure it like following,please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

cors.allowed.origins

A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg: https://www.w3.org, https://www.apache.org. Defaults: The empty String. (No origin is allowed to access the resource).