on 06-11-2015 7:09 PM
I'm not able to get CORS working for XS services running on my HANA rev92 server. My JavaScript client is returning "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:36262' is therefore not allowed access."
The issue is similar to and I've tried all the remedies suggested there. If you read the exchange carefully, you'll see that although the narrower question about CORS with authentication is answered, people have added to the post with questions that haven't been answered. In particular, people are wondering if CORS is working on SPS9.
So, here are my questions:
Add Exposed Header dialog not working:
Pressing Add Button results in JavaScript Error:
Hi Michael!
I'm sure of:
I'm would recheck the content of your .xsaccess file in terms of any cors configuration
Silly question: are you setting the CORS configuration for the right package on XS Admin?
If none of this works, I would try to remove any "prevent_xsrf" configuration from your .xsaccess file or set it to false. I cannot explain why but for more than once my problem trying to access a resource was this configuration.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"Exposed Headers" property should not be empty as it allows client JavaScript to fetch an XSRF token.
The key part in CORS implementation is to get HANA XS to authenticate a user and retrieve an XSRF token before making "useful" CORS calls. That is why Jung's code example makes two web-service calls.
My .xsaccess has the following configuration that makes above possible:
"allowHeaders": [
"Accept",
"Authorization",
"Content-Type",
"X-CSRF-Token"
],
"exposeHeaders": [
"x-csrf-token"
]
Alexei
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michael,
"Is it correct to assume that the XS Admin tool overrides .xsaccess?" - If there are for one and the same package, the configurations specified via the XS Admin tool take precedence over the .xsaccess file.
"Do I need to allow "Exposed Headers"?" - If you use headers that are not simple, you must
explicitly add them to the allowed headers list.
"I can open the "Add Exposed Header" dialog but pressing the "Add" button results in JavaScript errors. See below for screenshots. Is this a bug? If so, Is there a workaround?" - It could be a bug in the XS Admin tool in rev92, but I'm not completely sure. A possible workaround is to add the exposed headers to the .xsaccess file for this package (or to a parent package).
Also it would be helpful if you provide the request headers for the request that fails.
Best regards,
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Stephan,
Thanks for the link to "simple" headers. I still suspect that CORS isn't working properly on SPS92.
I ended up working around the issue by changing to JSONP. The switch was simple and effective.
I have exactly the same issue over here. Read all the posts and tried about everything.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.