We are trying to use the RESTful API. Everything works fine when we use Fiddler and Postman. When we try to use the RESTful service in a web page, we get a CORS error.
The specific error is: XMLHttpRequest cannot load https://xxxxxx/biprws/logon/long. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://yyyyy' is therefore not allowed access.
We are using the default settings for WAC, so the Allow Origins is set to *. The Max Age is set to 1440 minutes.
What else could we be missing?
We are using Crystal Server 2016 with BI 4.2.
2 Answers
-
Former MemberPosted on Aug 19, 2016 at 02:26 PMWhen you send headers in a CORS request, it creates a Pre-flight OPTIONS Request to the server instead or a GET when being called for the first time. Since the web service wants authentication data and doesn’t see any, it returns a 401 error to the Browser.
The common solution to this is to change the server settings to Disable authentication for OPTIONS request. But unfortunately, the REST Framwork by SAP doesn't have a handler to do something like this.
As far as i know, there can be 2 solutions: ( If you don't want a browser popup for credentials )
a) Implement a Reverse Proxy
b) Set the User ID and Pwd in the service and pass the credentials in an encoded format( for e.g Base64) and decode it within the handler and authenticate the user( FM: SUSER_CHECK_LOGIN_DATA )Thanks
SahilAdd a comment
Add a comment