Skip to Content

Access denied Error for sap-ui-core.js in IE8 !

Hi All

I am developing a SAPUI5 application hosted on a local installation (localhost) of Tomcat server, trying to display all the sales order from the SAP ES Workplace ERP system using the SAP Demo Gateway services provided...

I am using the following REST service to fetch all Sales Order - http://gw.esworkplace.sap.com/sap/opu/odata/sap/SALESORDERS/SOHeaders

My HTML5 application is running on the local host..But when I try to run this on IE8, gives me a Access denied

But the sap-ui-core.js is indeed placed under the location mentioned above..If I write a simple application which only display some text, the same code works.

Here is the HTML code I have written

<!DOCTYPE html><html>    <head>        <meta http-equiv='X-UA-Compatible' content='IE=edge' />        <title>Fetch Sales Order via Gateway - SAPUI5</title>        <script id="sap-ui-bootstrap"           type="text/javascript"           src="../sapui5/resources/sap-ui-core.js"           data-sap-ui-theme="sap_goldreflection"           data-sap-ui-libs="sap.ui.commons, sap.ui.table">           document.domain = '*.sap.com'        </script>        <script src="scripts/fetchsalesorder_new.js"></script>     </head>    <body class="sapUiBody">    <div id="salesorders"></div>        <div id="lineitems"></div>    </body></html>

And the snippet of the script file

//supress the Same Origin Policy on IE8 & Chromevar domainString = "document.domain";domainstring = "*.com"'Access-Control-Allow-Origin: *.sap.com''Access-Control-Allow-Headers: X-KEY'var ODataModel = sap.ui.model.odata.ODataModelvar salesOrderService =         "http://gw.esworkplace.sap.com/sap/opu/odata/sap/SALESORDERS/SOHeaders", username = "GW@ESW",   password = "ESW4GW",oModel = new sap.ui.model.odata.ODataModel("http://gw.esworkplace.sap.com/sap/opu/odata/sap/SALESORDERS/SOHeaders")asJson = false,salesOrderCollection = "SOHeader";var salesDetailsTable = new sap.ui.table.DataTable({   title : "Available Sales Order",   width : "100%",   visibleRowCount : 5,   ExpandedVisibleRowCount : 20,   selectionMode : sap.ui.table.SelectionMode.Single,   editable : false  });// connect the data table to the SalesOrder servicesalesDetailsTable.setModel(oModel);salesDetailsTable.bindRows("SOHeader");//place table at the div elementsalesDetailsTable.placeAt("salesorders");

What could be the issue here??

Appreciate any help.

Regards

Sandip

pastedImage_0.png (21.8 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 20, 2013 at 12:13 PM

    Hi,

    I developed a SAP UI 5 project consuming SAMPLE FLIGHT gateway service using eclipse plugin .

    I am getting the table layout but the table data is empty.

    The chrome javascript console says

     

    Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.

    Can anyone explain in detail how to suppress same origin policy by making changes in client side javascript code

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Bertam,

      I could not mark your answer as "correct " since i did not initiate the discussion .But your reply was very useful.

      Is deploying the SAP UI 5 app in the ABAP server is the only way the issue can be solved in production or can we use any third party reverse proxy servers ?

  • avatar image
    Former Member
    Jul 05, 2012 at 04:38 AM

    Hi Sandip,

    You can try disabling SOP in Chrome browser. Check the below post:

    http://stackoverflow.com/questions/3102819/chrome-disable-same-origin-policy

    Thanks

    Abhilash

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Sandip Agarwalla

      Hi Sandip,

      Where did yo add the Added Suppress SOP script in Eclipse. I mean which file. I Am fairly new to this to not sure where to add this.

      We are not using a proxy server though but ICM.

      Thanks

      Amina

  • Jul 04, 2012 at 10:52 PM

    Hi Sandip,

    I expect you are running into the so called Same Origin policy problem that I seem to deal with lately on an almost daily basis :-) Here is a good description of it: http://blogs.msdn.com/b/ieinternals/archive/2009/08/28/explaining-same-origin-policy-part-1-deny-read.aspx

    Since you are running on localhost and the webservice is from esworkspace.sap.com you are getting this Access Denied issue. Interestingly the first few lines of that script you show is trying to supress the same origin policy.

    The error you show is actually occurring on line 5920 in that sap-ui-core.js file. You should run the code in Firefox or Chrome and use the tools (or Firebug in firefox) to debug the error.

    Also try accessing your local tomcat with a proper FQDN like tomcat.sandip.com (edit your local hosts file to enable this) and see what happens - sometimes there are problems when you use localhost or IP addresses as "hostnames"

    Hope this helps and I look forward to seeing you blog about your experience using SAPUI5! 😉

    Simon

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 10, 2012 at 11:58 PM

    I am currently developing with SAPUI5 and facing the same problems mainly how to get around the "Cross Origin" security policy and so far my conclusions are:

    1. A used method to get around this problem is the use of JSONP BUT SAP REST Services don't         work with JSONP, responses are in XML format thus when creating a new ODataModel instance        the SECOND PARAMETER is useless.

    2. Bypassing BROWSER security

       CHROME : Using command line switch value "--disable-web-security" works fine.

                        

                         NOTE: It works fine only using this switch value no other is needed.

                         REMEMBER to CLOSE ALL CHROME WINDOWS, the entire PROCESS.

     

       IE8/IE9     :  It works for me LOWERING the SECURITY, I configured my HOST in TRUSTED                              SITES and PUT SECURITY LEVEL to LOW.

       FIREFOX  : For newer versions (I have version 17) it seems that security can not be configured to

                         bypass the SAME ORIGIN POLICY, although there are some workarounds for older

                         versions, not good.

    3.  A definitive solution probably could be one that is used all around for any WEB SERVER which

         requires to add at least ONE HTTP RESPONSE HEADER (Access-Control-Allow-Origin) BUT     

         in this case and following the theory the header needs to be as a part of the RESPONSE of the          "SAP NetWeaver Application Server" hosting the REST Service which in fact I don't know if it     

         is possible at all.

        IMPORTANT : The RESPONSE HEADER "Access-Control-Allow-Origin" needs to be applied

                              in the TARGET HOST from where data is ultimately retrieved thus if this HEADER

                              is added to the HOST where the SAPUI5 resources and develops are it won't work.

    Obviously the workaround of lowering the Browsers security is not the way to go.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Thanks for replying: pasting below the source code:

      index.html

      <!DOCTYPE HTML> 

      <html> 

           <head> 

                    <meta http-equiv="X-UA-Compatible" content="IE=edge"> 

                    <script src="./resources/sap-ui-core.js" type="text/javascript"  

                            id="sap-ui-bootstrap" 

                            data-sap-ui-libs="sap.ui.ux3, sap.ui.commons, sap.ui.table" 

                            data-sap-ui-theme="sap_goldreflection"> 

                     </script> 

                     <script type="text/javascript"> 

                          // Create a SAP UI5 shell element 

                          var oShell = new sap.ui.ux3.Shell("flightAppShell", {    

                               appIcon : "http://www.sap.com/global/images/SAPLogo.gif", 

                               appTitle : "Flight manager", }); 

                          // Just take the shell and place it in the html area called shellArea 

                          oShell.placeAt("shellArea"); 

                          sap.ui.localResources("sitmil"); 

                          var view = sap.ui.view({ 

                              id : "idFlightService1", 

                              viewName : "sitmil.retrieveFlight", 

                              type : sap.ui.core.mvc.ViewType.JS }); 

                          oShell.addContent(view); 

                     </script> 

           </head> 

           <body class="sapUiBody" role="application"> 

                <div id="shellArea"></div> 

           </body> 

      </html>

      retrieveFlightView.js

      sap.ui.jsview("sitmil.retrieveFlight", {

            getControllerName : function() {

               return "sitmil.retrieveFlight";

            },

            createContent : function(oController) {

                      var layout = new sap.ui.commons.layout.MatrixLayout('layout');   

                      layout.setWidth('80%');   

                      var rPannel = new sap.ui.commons.Panel('rPannel');             

                      var rTitle = new sap.ui.commons.Title('rTitle');    

                      rTitle.setText('All - Flights');    

                      rPannel.setTitle(rTitle);    

                      var oTable = new sap.ui.table.DataTable(); 

                      oTable.addColumn( 

                           new sap.ui.table.Column({ 

                                label: new sap.ui.commons.Label({text: "AirLine"}), 

                                template: new sap.ui.commons.TextField().bindProperty("value", "AirLineID"), 

                                sortProperty: "AirLineID" 

                      })); 

                      oTable.addColumn( 

                           new sap.ui.table.Column({ 

                                label: new sap.ui.commons.Label({text: "Flight Number"}), 

                                template: new sap.ui.commons.TextField().bindProperty("value", "FlightConnectionID"), 

                                sortProperty: "FlightConnectionID" 

                      })); 

                      oTable.addColumn( 

                           new sap.ui.table.Column({ 

                                label: new sap.ui.commons.Label({text: "Date"}), 

                                template: new sap.ui.commons.TextField().bindProperty("value", "FlightDate"), 

                                sortProperty: "FlightDate" 

                      })); 

                      oTable.addColumn( 

                           new sap.ui.table.Column({ 

                                label: new sap.ui.commons.Label({text: "Airfare"}), 

                                template: new sap.ui.commons.TextField().bindProperty("value", "AirFare"), 

                                sortProperty: "AirFare" 

                      })); 

                      oTable.addColumn( 

                           new sap.ui.table.Column({ 

                                label: new sap.ui.commons.Label({text: "Airline Currency"}), 

                                template: new sap.ui.commons.TextField().bindProperty("value", "LocalCurrencyCode"), 

                                sortProperty: "LocalCurrencyCode" 

                      })); 

                      oTable.addColumn( 

                           new sap.ui.table.Column({ 

                                label: new sap.ui.commons.Label({text: "Type of the plane"}), 

                                template: new sap.ui.commons.TextField().bindProperty("value", "AirCraftType"), 

                                sortProperty: "AirCraftType" 

                      }));  

                      var oModel = new sap.ui.model.odata.ODataModel( 

                                                    "proxy/http/gw.esworkplace.sap.com/sap/opu/odata/IWBEP/RMTSAMPLEFLIGHT_2", 

                                                                        false, 

                                                                        "GW@ESW", 

                                                                        "ESW4GW"); 

                      oTable.setModel(oModel); 

                      oTable.bindRows("/FlightCollection"); 

                      rPannel.addContent(oTable);   

                      layout.createRow(rPannel); 

                      this.addContent(layout);

                          }

      });


      The developer trace shows the error:  GET http://GW%40ESW:ESW4GW@localhost:8080/SITMIL/proxy/http/gw.esworkplace.sap.com/sap/opu/odata/IWBEP/RMTSAMPLEFLIGHT_2/$metadata 500 (Internal Server Error)

      I have tried the Sales Order example in another blog by Sunil Sharma and I encounter the same problem: http://GW%40ESW:ESW4GW@localhost:8080/SalesOrderService/proxy/http/gw.esworkplace.sap.com/sap/opu/odata/sap/SALESORDERS/$metadata 2013-01-07 15:47:52 The following problem occurred: HTTP request failed500,Internal Server Error I believe its an issue with the availability of the Gateway Service now. What do you guess ?