When attempting to access Appian, users may sometimes find their site or parts of their site not working due to rejected Cross Origin Resource Sharing (CORS) requests. When using Apache web server configured with SSL and JBoss, users may be shown a 401 error page whenever attempting to log in to their Appian site on Chrome. In some scenarios, popups may not show when attempting to open objects in the Designer interface (/designer). CORS requests can also be rejected if the SAML authentication is enabled but IdP is not added to the Appian CORS origin list.
Relevant errors found in the application server log following the main error are given below:
INFO [stdout] (ajp-/0.0.0.0:8009-1) javax.servlet.ServletException: CORS origin denied mycomputer.mydomain.com not on allowed list:
INFO [stdout] (ajp-/0.0.0.0:8009-1) at com.appiancorp.security.cors.CorsFilter.handleNormalRequest(CorsFilter.java:258)
INFO [stdout] (ajp-/0.0.0.0:8009-1) at com.appiancorp.security.cors.CorsFilter.doFilter(CorsFilter.java:249)
Each web browser has its own implementation and security layer. At some point in the normal operation of the browser at which the context/domain changes, Chrome will detect the change as a security issue and will fail to display content. Other browsers do not have constraints as strict as this although any CORS enabled browser is capable of throwing this error given the appropriate conditions.
For more information about CORS, refer to Telerik's article on CORS.
CORS request rejections most commonly occur due to improper configuration of the custom.properties file and CORS origins.
This article applies to all versions of Appian.
Last Reviewed: February 2017
© 2020 Appian. All rights reserved.