Response for preflight has invalid HTTP status code 401

Camunda 7 Topics Discussion & Questions
,
1

Hi,

I am using camunda version: camunda-bpm-wildfly-7.11.0-alpha3 with wildfly-15.0.0.Final

I have added following to my wildfly standalone.xml to get rid of CORS issue. But Still my REST calls to Camunda failing for:

  1. Request Method: OPTIONS
  2. Status Code: 401 Unauthorized

As due to CORS check functionality from Browser Authroization header is removed from REQUEST.

So, is there a way where I can disable Authroization check for OPTIONS method on wildfly end or engine-rest end?

Any urgent help be much appreciated.

<subsystem xmlns="urn:jboss:domain:undertow:8.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <host name="default-host" alias="localhost">
                <location name="/" handler="welcome-content"/>
                <filter-ref name="server-header"/>
                <filter-ref name="x-powered-by-header"/>
                <filter-ref name="Access-Control-Allow-Origin"/>
                <filter-ref name="Access-Control-Allow-Methods"/>
                <filter-ref name="Access-Control-Allow-Headers"/>
                <filter-ref name="Access-Control-Allow-Credentials"/>
                <filter-ref name="Access-Control-Max-Age"/>
                <http-invoker security-realm="ApplicationRealm"/>
            </host>
        </server>
        <servlet-container name="default">
            <jsp-config/>
            <websockets/>
        </servlet-container>
        <handlers>
            <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
        </handlers>
        <filters>
            <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
            <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
            <response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
            <response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
            <response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
            <response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
            <response-header name="Access-Control-Max-Age" header-name="Access-Control-Max-Age" header-value="1"/>
        </filters>
    </subsystem>
2

@gomzee Refer this post for cors configuration:

3

@aravindhrs I have already followed that. But it didn’t helped.

4

@gomzee can you provide complete stack trace of the exception

5

image
image2106×984 280 KB

6