HTTPS POST request causes error 403 (Forbidden)

I use jQuery fileDownload (created by John Culviner) to load DOCX files that are dynamically generated by the JBoss server using RESTEasy. Application and file are in the same domain.

This works great with documents received by HTTP GET.

However, in one case, I have to use an HTTP POST request, so I can attach an additional payload to the request. This also works in my local development environment where I use HTTP. However, in production, the server is protected by HTTPS. There the file download does not work. In the browser console, I get an error 403 (Forbidden) for the document URL.

What is the problem and how do I fix it? It looks like the browser cannot access the resource, but I'm not sure if this is a client or server problem. Should I set extra HTTP headers on both sides? Or is it a JBoss configuration problem?

Since I cannot reproduce the problem locally, it is difficult to debug it.


Client Code:

    var downloadUrl = '/MyApp/foobar/download';
    var downloadConfiguration = {
        httpMethod: "POST",
        data: JSON.stringify($scope.payload),
        successCallback: onSuccess,
        failCallback: onError
    };
    $.fileDownload(downloadUrl, downloadConfiguration);

Server Code:

    @POST
    @Path("/download")
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Produces("text/word")
    public Response generateDocument(final InputStream request) throws Exception {
        // ...
        Response.ResponseBuilder builder = null;
        File file = createMyDocument();
        builder = Response.ok((Object)file);
        builder.header("Content-Disposition", String.format("attachment; filename=\"%s.%s\"", FILENAME, EXTENSION));
        builder.header("Set-Cookie", "fileDownload=true; path=/");
        return builder.build();
    }

EDIT:

I also tried setting extra HTTP headers, but that didn't help:

    builder.header("X-Frame-Options", "SAMEORIGIN");
    builder.header("Access-Control-Allow-Origin", "*");

EDIT 2:

I added a security constraint in web.xml for the download URL, but that didn't help:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Foobar-Download</web-resource-name>
            <url-pattern>/foobar/download</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SOMEROLE</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

EDIT 3: The downloadable jQueryDownload plugin uses an iframe with a hidden form for loading. Maybe this interferes with the HTTPS connection? Some kind of CORS question?

+5
4 answers

Have you checked the firewall settings on the server? I apologize if I say something obvious, but when I first access the server, and not from the same directory, and it is not configured to allow any origin (allow *), you will get errors. After the first use with an authorized source *, you can make a local request, for example, from your computer, and then the server should accept it. Tell me if you get something.

+1

My best guess is that an active servlet filter is installed on the server, which prevents sending requests to the rest of the endpoint. Have you tried to increase the debugging level of JBOSS and check the logs for the culprit?

I am almost 100% sure that it has nothing to do with HTTP/HTTPS (or someone has implemented a very strange logic).

+1

Your request is JSON-encoded and your server is expecting a form-encoded one.

Try changing the request data object to a FormData() object.

0
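The encoding mismatch this answer points at, shown as an added example that is not part of the original post or of any answer: it parses the question's JSON body the way a form-urlencoded parser would, next to two form-encoded alternatives. The sample payload, the function names and the form field name `payload` are assumptions made for illustration.

```javascript
// Constructed sample payload standing in for $scope.payload (not from the post).
const samplePayload = { title: "Q3 report", tags: ["a&b", "c=d"], draft: false };

// What an application/x-www-form-urlencoded parser makes of a request body.
function parseAsForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Body as built in the question: a raw JSON string.
function jsonBody(p) {
  return JSON.stringify(p);
}

// Alternative A: keep the JSON, but carry it inside one named form field.
// The field name "payload" is hypothetical; the server would read that field
// and JSON-decode it.
function formBodySingleField(p) {
  return new URLSearchParams({ payload: JSON.stringify(p) }).toString();
}

// Alternative B: flatten top-level keys into form fields; array values
// become repeated fields with the same name.
function formBodyFlat(p) {
  const params = new URLSearchParams();
  for (const [key, value] of Object.entries(p)) {
    for (const item of Array.isArray(value) ? value : [value]) {
      params.append(key, String(item));
    }
  }
  return params.toString();
}

// The JSON string is split on '&' and '=', so the "fields" the server sees
// are fragments of JSON rather than title/tags/draft.
console.log(parseAsForm(jsonBody(samplePayload)));

// Both alternatives survive form parsing, including the '&' and '=' in tags.
console.log(JSON.parse(parseAsForm(formBodySingleField(samplePayload)).payload));
console.log(new URLSearchParams(formBodyFlat(samplePayload)).getAll("tags"));
```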

My best guess is that this is related to setting up JBOSS SSL. I suggest you get started and go back.

0

Source: https://habr.com/ru/post/1274097/

