Web server returning 'Cross-Origin Request Blocked' to browser

With a typical web service call made, the browser debugger is showing a Cross-Origin Request Blocked error because it Did not find method in CORS header, specifically Access-Control-Allow-Methods.

The resolution to this is quite simple with Oracle HTTP Server (OHS) 12c.

Browser Error: "Did not find method in CORS header"

The browser is showing the following in the debug console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://soadev:8888/HelloWorld. (Reason: Did not find method in CORS header 'Access-Control-Allow-Methods').

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://soadev:8888/HelloWorld. (Reason: CORS request did not succeed.)

Resolution

1. Stop OHS:

export WEB_DOMAIN_HOME=/u01/oracle/domains/ohs_domain
$WEB_DOMAIN_HOME/bin/stopComponent.sh ohs1

2. Edit these two files:

vi $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/moduleconf/osb.conf
vi $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/osb.conf

3. Add the following entry:

Header set Access-Control-Allow-Methods: "POST, GET, OPTIONS, PUT, DELETE" 

4. Start OHS:

$WEB_DOMAIN_HOME/bin/startComponent.sh ohs1 showErrorStack

5. Repeat this for all nodes in the OHS cluster.