SharePoint link to Cognos TM1 Server causes 403

We have a strange issue where a direct link from SharePoint to a Cognos TM1 URL causes a 403, however if we refresh or paste-in the link directly it works.

The cause might be related to the leading “http” being stripped-off (see below with the other browsers), however that’s not clear in the raw HTML link or in the Fiddler results:

Any thoughts on a cause/fix?

From a SharePoint menu item:

GET http://server:9510/tm1web/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://portal/Pages/home.aspx
Accept-Language: en-AU
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: server:9510
Connection: Keep-Alive

Result [fail]:

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Mon, 23 Feb 2015 01:25:29 GMT

Hitting F5/Refresh in the browser after the 403:

GET http://server:9510/tm1web/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-AU
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: server:9510
Cookie: JSESSIONID=6A01B8265CC22BD13A9DD46575A6485F; DWRSESSIONID=gIilAwYv2K33Yahd$G7keNo4QKk

Result [works]:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Content-Length: 684
Date: Mon, 23 Feb 2015 01:43:40 GMT

Other browsers:

• Chrome also gets a 403 – but doesn’t display leading “http” in URL – this means hitting F5 has no affect:

• Firefox is the same as Chrome:

---

Our work-around is to use a non-SharePoint web-server with a page to do the redirect (e.g. a HTML META redirect).

We thought the PermissiveXFrameHeaderModule HTTP Module could be causing it, but disabling it on our development server still causes the issue.

---

Additional example:

From a SharePoint Redirect page:

GET http://portal/Pages/TM1-Redirect.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://portal/Pages/home.aspx
Accept-Language: en-AU
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: portal
Connection: Keep-Alive
Cookie: ...

Result #1 – redirect:

HTTP/1.1 302 Found
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 08 Feb 2015 01:45:45 GMT
Last-Modified: Mon, 23 Feb 2015 01:45:45 GMT
Location: http://server:9510/tm1web/
Server: Microsoft-IIS/8.0
X-SharePointHealthScore: 0
X-AspNet-Version: 4.0.30319
SPRequestGuid: 9664ec9c-9790-10c2-3b44-67b194daa158
request-id: 9664ec9c-9790-10c2-3b44-67b194daa158
SPRequestDuration: 74
SPIisLatency: 0
WWW-Authenticate: Negotiate ...
Persistent-Auth: true
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.0.4561
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 23 Feb 2015 01:45:45 GMT
Content-Length: 146

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://server:9510/tm1web/">here</a>.</h2>
</body></html>

Result #2 – [fail – same as above]:

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Mon, 23 Feb 2015 01:45:45 GMT

Answer

<add key="CrossDomainAccessList" value="" />

<add key="CrossDomainAccessList" value="*" />

Attribution
Source : Link , Question Author : PeterX , Answer Author : masegaloeh