on 04-08-2023 7:57 PM
Hi and_andrey,
You have an authorization error (http 401 means you are trying to retrieve a protected resource from your web application). If you are using SAP's AppRouter to implement security on your app, check the file xs-app.json conatins a route to "/nosecure" with authentication = 'none'. It should look like so:
{
"authenticationMethod": "route",
"routes": [
{
"source": "/nosecure/(.*)",
"target": "/nosecure/$1",
"localDir": "my-static-resources"
"authenticationType": "none",
"csrfProtection": false
},
{
"source": "^/(.*)$",
"target": "/web/$1",
"authenticationType": "xsuaa",
"csrfProtection": true
}
]
}<br>
Otherwise, please share that file along with mta.yaml and xs-security.json so we are able to give you more pointers.
Best regards,
Ivan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ivan.
Thank you for answer.
Kindly see screens below. Please, take a look at masks in xs-app.json.
Also, I attached log from BTP.
Error from BTP:
GET request to /341ae989-f0ea-4ad7-b005-ee202fcd7b63.testmanifest.testmanifest-0.0.1 completed with status 500 xs-app.json/routes/0: Format validation failed (Route does not have a destination nor a localDir nor a service)
As result Error 500 in response.
Thx.
Hi and_andrey,
Sorry, my fault - I accidentally deleted a piece of configuration for that specific route. You should be using either a service, a local resource or a destination. On my particular example, the nonsecure reffered to a localDir which is supposed to be on the file system of the AppRouter itself.
Please check the options here:
https://www.npmjs.com/package/@sap/approuter
Best regards,
Ivan
Hi and_andrey,
I understand that those resources are just the json files that are required by your application when there is no user logged on yet.
However, if you do not have that situation, the recommendation is that you have a user logon to the application before you deliver such resources to the front-end.
I suppose you can use the service parameter without any issues - but I am not a PWA expert so I cannot attest that it is safe to serve such resources without any authentication.
Since such resources are found under the html5 repository service, it simply means that there is no authentication required for anyone to load resources from that path (nosecure) which are served by the html5 repository.
Best regards,
Ivan
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.