POST request over HTTPS causes error 403 (Forbidden)

I am using jQuery fileDownload (created by John Culviner) to load DOCX files that are dynamically generated by a JBoss server using RESTEasy. The application and file are on the same domain.

This works fine with documents that are fetched by HTTP GET.

However, in one case I have to use an HTTP POST request, so I can attach additional payload to the request. This also works in my local development environment, where I use HTTP. In production, however, the server is secured by HTTPS. There the file download does not work. In the browser console I get an error 403 (Forbidden) for the document's URL.

What is the problem here and how can I fix it? It seems like the browser cannot access the resource, but I'm not sure whether this is a client or a server problem. Do I have to set additional HTTP headers on either side? Or is this a JBoss configuration issue?

Since I cannot reproduce the problem locally, it is hard to debug.


Client code:

var downloadUrl = '/MyApp/foobar/download';   // same domain as the application

var downloadConfiguration = {
    httpMethod: "POST",                        // the plug-in defaults to GET
    data: JSON.stringify($scope.payload),      // the additional payload, sent in the request body
    successCallback: onSuccess,
    failCallback: onError
};

$.fileDownload(downloadUrl, downloadConfiguration);

Server code:

@POST
@Path("/download")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)   // what the plug-in's hidden form submits
@Produces("text/word")
public Response generateDocument(final InputStream request) throws Exception {
  // ...

  Response.ResponseBuilder builder = null;
  File file = createMyDocument();   // builds the DOCX; defined elsewhere in the class

  builder = Response.ok((Object)file);
  // FILENAME and EXTENSION are constants defined elsewhere in the class
  builder.header("Content-Disposition", String.format("attachment; filename=\"%s.%s\"", FILENAME, EXTENSION));
  // the cookie jQuery fileDownload polls for to detect that the download started
  builder.header("Set-Cookie", "fileDownload=true; path=/");

  return builder.build();
}

EDIT:

I have also tried setting additional HTTP headers, but it did not help:

builder.header("X-Frame-Options", "SAMEORIGIN");
builder.header("Access-Control-Allow-Origin", "*");

EDIT 2:

I have added a Security Constraint to web.xml for the download URL, but it did not help:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Foobar-Download</web-resource-name>
    <url-pattern>/foobar/download</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>SOMEROLE</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

EDIT 3: The jQuery fileDownload plug-in uses an iframe with a hidden form for downloading. Maybe this interferes with the HTTPS connection? Some sort of CORS issue?

user1438038 asked Dec 15 '17 13:12
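Added example, not code from the question, from the jQuery fileDownload plug-in or from JBoss: a model of both sides of the hidden-form download handshake described in EDIT 3, written as pure functions so that the outcomes the question and EDIT 2 touch on can be exercised without a server: 401 when there is no session, 403 when the POST comes from another origin or the session lacks the web.xml role, and 200 with the fileDownload cookie otherwise. The endpoint path and the role name SOMEROLE come from the question; the origin https://app.example.test, the JSESSIONID session store and the other role names are constructed.

```javascript
// Added example: models the server side of the hidden-form download handshake
// as a pure function, plus the client-side cookie poll. Not code from the
// question, the jQuery fileDownload plug-in or JBoss.
// Constructed assumptions: app origin, JSESSIONID session store and role names.
const APP_ORIGIN = 'https://app.example.test';    // constructed
const REQUIRED_ROLE = 'SOMEROLE';                 // from the question's web.xml
const DOWNLOAD_PATH = '/MyApp/foobar/download';   // from the question

// Constructed session store: JSESSIONID value -> roles held by that session.
const SESSIONS = {
  'sess-reader': ['READER'],
  'sess-editor': ['READER', 'SOMEROLE'],
};

// Parse a Cookie header ("a=1; b=2") or document.cookie into an object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx > 0) out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

// Origin of a form submission: the Origin header when the browser sends one,
// otherwise the scheme+host of the Referer; null when neither is usable.
function requestOrigin(headers) {
  if (headers.origin) return headers.origin;
  if (headers.referer) {
    try { return new URL(headers.referer).origin; } catch (e) { return null; }
  }
  return null;
}

// The Set-Cookie value the plug-in polls for. It is read from document.cookie,
// so it must not be HttpOnly; Secure is added when the request came over HTTPS.
function downloadCookie(secure) {
  const attrs = ['fileDownload=true', 'path=/'];
  if (secure) attrs.push('Secure');
  return attrs.join('; ');
}

// req = { method, url, secure, headers: { origin, referer, cookie, 'content-type' } }
function handleDownload(req) {
  if (req.url !== DOWNLOAD_PATH) return { status: 404, reason: 'unknown path' };
  if (req.method !== 'POST') return { status: 405, reason: 'POST only' };
  // Same-origin check, as a CSRF filter in front of the app would do: 403.
  if (requestOrigin(req.headers) !== APP_ORIGIN) {
    return { status: 403, reason: 'cross-origin POST' };
  }
  // Authentication: no (or unknown) session cookie -> 401.
  const roles = SESSIONS[parseCookies(req.headers.cookie).JSESSIONID];
  if (!roles) return { status: 401, reason: 'no session' };
  // Authorization, the web.xml auth-constraint: logged in but no role -> 403.
  if (!roles.includes(REQUIRED_ROLE)) {
    return { status: 403, reason: 'session lacks role ' + REQUIRED_ROLE };
  }
  // The hidden form submits application/x-www-form-urlencoded, nothing else.
  const ctype = req.headers['content-type'] || '';
  if (!/^application\/x-www-form-urlencoded/i.test(ctype)) {
    return { status: 415, reason: 'unexpected content type ' + ctype };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
      'Content-Disposition': 'attachment; filename="document.docx"',
      'Set-Cookie': downloadCookie(req.secure),
    },
  };
}

// Client side: after submitting the iframe form the plug-in polls
// document.cookie until fileDownload=true shows up (modelled on a string here).
function downloadFinished(documentCookie) {
  return parseCookies(documentCookie).fileDownload === 'true';
}

// A constructed request as the hidden form would send it over HTTPS in the
// authenticated, same-origin case; pass header overrides to vary one thing.
function sampleRequest(headerOverrides) {
  return {
    method: 'POST', url: DOWNLOAD_PATH, secure: true,
    headers: Object.assign({
      origin: APP_ORIGIN,
      cookie: 'JSESSIONID=sess-editor',
      'content-type': 'application/x-www-form-urlencoded',
    }, headerOverrides || {}),
  };
}

// Stand-alone run: show which check each variant trips.
if (typeof require !== 'undefined' && require.main === module) {
  for (const [label, h] of [
    ['happy path', {}],
    ['other origin', { origin: 'https://other.example.test' }],
    ['no session', { cookie: undefined }],
    ['wrong role', { cookie: 'JSESSIONID=sess-reader' }],
  ]) {
    const r = handleDownload(sampleRequest(h));
    console.log(label, r.status, r.reason || r.headers['Set-Cookie']);
  }
}
```

Two points worth checking against the production setup follow from this model: the cookie the plug-in waits for is read from document.cookie, so it must never be marked HttpOnly, and both 403 paths (an origin or referer filter, or the role check behind the auth-constraint) are decided on the server, so the detail that distinguishes them is in the server's log of which filter or constraint rejected the request, not in the browser console.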



1 Answer

Have you checked your firewall configurations on the server? I apologize if I am saying something obvious but, the first time you make a request to a server and it's not from the same directory and it is not set to allow any origin (the allow *) you will get errors. After the first usage with the allow origin * you can make a local request, for example from your machine, and then the server should accept it. Tell me if you get something.

Mateus dos Santos answered Sep 29 '22 04:09