on 08-20-2015 6:17 PM
I am trying to run an SAPUI5 JavaScript application to read data from a NetWeaver Gateway OData service. I am running into cross origin policy issues.
My SAPUI5 code is running in a different domain from the OData service. The web service is secured using Basic Authentication (user ID and password).
This is what is happening...
I tried rewriting the JavaScript to send an Authentication header. However, the authentication data is never included in the OPTIONS request.
I did some more research, and I found that the CORS specification says two things: 1) OPTIONS shouldn’t require authentication on the server side, and 2) the browser will strip all headers from OPTIONS requests (including the Authentication Header!) before sending the request. Tilt.
It would seem that SAP’s support for CORS is lacking because it is requiring authentication on OPTIONS requests. Is there is something more I can do to get SAP to allow OPTIONS requests to be made unauthenticated?
How to do if we don't have an Apache Server.
Thanks
Sahil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steve-
I was able to fix the error by making changes in the Apache Web Server sitting in front of my SAP Portal. Following helped in fixing -
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
Basically, send a HTTP 200 for every OPTION requests which comes in to Apache.
Reference - http://serverfault.com/questions/231766/returning-200-ok-in-apache-on-http-options-requests
-Amit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steven,
Even though system gives you return a bad request. I does not mean that is CORS issue. Please login into backend system goto tcode : /IWFND/ERROR_LOG. Check if system is logging error here. If it is logging , select the error and click on active source . You can see the source code where there is exeception. You can even paste the source here with class name and method , so we can help you why you are getting that error.
Thanking you
Vengaiah
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steven-
Were you able to find solution for your problem? Does the Apache tweak of limiting OPTIONS work for you?
Thanks
-Amit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We have not tried this. So far, we are looking at proxying the requests.
We found this example on how to write a simple ABAP proxy - https://www.youtube.com/watch?v=RnWlIooOoIw
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I guess you are referencing Andre Fischer's comment that "CORS is not supported by the SAP NetWeaver stack. You would have to use a reverse proxy instead."
Is it possible to drop down to the Apache configuration level and configure CORS behavior by doing the following?
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.