Skip to Content

RESTful API and CORS Error

We are trying to use the RESTful API. Everything works fine when we use Fiddler and Postman. When we try to use the RESTful service in a web page, we get a CORS error.

The specific error is: XMLHttpRequest cannot load https://xxxxxx/biprws/logon/long. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://yyyyy' is therefore not allowed access.

We are using the default settings for WAC, so the Allow Origins is set to *. The Max Age is set to 1440 minutes.

What else could we be missing?

We are using Crystal Server 2016 with BI 4.2.

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Aug 19, 2016 at 02:26 PM

    When you send headers in a CORS request, it creates a Pre-flight OPTIONS Request to the server instead or a GET when being called for the first time. Since the web service wants authentication data and doesn’t see any, it returns a 401 error to the Browser.

    The common solution to this is to change the server settings to Disable authentication for OPTIONS request. But unfortunately, the REST Framwork by SAP doesn't have a handler to do something like this.

    As far as i know, there can be 2 solutions: ( If you don't want a browser popup for credentials )
    a) Implement a Reverse Proxy
    b) Set the User ID and Pwd in the service and pass the credentials in an encoded format( for e.g Base64) and decode it within the handler and authenticate the user( FM: SUSER_CHECK_LOGIN_DATA )

    Thanks
    Sahil

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 22, 2016 at 01:22 PM


    Check this KBA :

    1733307 - JavaScript Access-Control-Allow-Origin and RESTful Web Services

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.