Skip to Content
Former Member
Mar 05, 2012 at 12:52 PM

Problem: Access-Control-Allow-Origin



we are using a small BSP application to create a xml file. Now we tried to get this file per AJAX http request and receive following error message:

Origin ***** is not allowed by Access-Control-Allow-Origin.

I know, that most browsers block cross-domain requests, if the requested page doesn't allow it.

We set two header fields within the BSP page:

runtime->server->response->set_header_field( name  = 'Access-Control-Allow-Origin'
                                             value = '*' ).
runtime->server->response->set_header_field( name  = 'Access-Control-Allow-Methods'
                                             value = 'POST, GET' ).

Problem seems to be, that field names are converted to lower case (they are case sensitive), so that:

access-control-allow-origin: *

access-control-allow-methods: POST, GET

is send to the browser.

We tested this on a Web AS 620 and 700, both show header field names only in lower case.

Does anyone has an idea how we can solve this problem?


Sven Klußmann