Symptom
When making an HTTP request to one of FME Flow's (formerly FME Server) services (Job Submitter, Data Download, REST API), you receive a response with error code 403 Forbidden. This is visible either directly in the browser or upon inspection of an AJAX call in the F12 Developer Tools (Console tab).
In some cases (see cross-domain requests below), you will also get an error in the browser's JavaScript console.
Example, Chrome:
XMLHttpRequest cannot load http://safe.com/. No 'Access-Control-Allow-Origin'; header is present on the requested resource. Origin 'http://localhost:9909'; is therefore not allowed access.
Example, Firefox:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://safe.com/. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Example, Edge:
SEC7127: Redirect was blocked for CORS request. SCRIPT7002: XMLHttpRequest: Network Error 0x2ef1, Could not complete the operation due to error 00002ef1.
To learn how to use Developer Tools to monitor network traffic, please see the following documentation:
Cause
FME Flow will respond with a 403 Forbidden error when credentials have been supplied but the user is not authorized to access the resource. This can be a result of an incorrect username, password, or token, or of not having adequate permissions.
Additionally, this error may appear when trying to make an AJAX request from a different domain. This is because cross-domain requests are blocked by default.
Resolution
1. Verify that your username, password, or token is correct, and try again.
2. If you suspect this is a cross-domain request issue (CORS), please see our CORS documentation or the FME Flow Web UI documentation.
Comments
0 comments
Please sign in to leave a comment.