handling cross origin issue in sap gateway

Upload: karanwizard

Post on 06-Jul-2018

216 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/17/2019 Handling Cross Origin Issue in Sap Gateway

    1/2

    1. Handling the Cross-Origin Issue

    CORS: Cross Origin Resource Sharing is a mechanism that allows JavaScript on a web page tomae !"#HttpRe$uests to another domain% not the domain the JavaScript originated &rom. Such'cross-domain' re$uests would otherwise be &orbidden b( web browsers% per the same origin securit(polic(. CORS de&ines a wa( in which the browser and the server can interact to determine whether or

    not to allow the cross-origin re$uest. It is more use&ul than onl( allowing same-origin re$uests% but it ismore secure than simpl( allowing all such cross-origin re$uests.

     /IWBEP/IF_MGW_CONV_SRV_RUNTIME inter&ace o&&ers man( use&ul methods. One o& themethods o&&ered b( this inter&ace is S)*+H),)R which allows us to add a custom headerenabling the cross origin re$uests.*his method adds the header parameters to the H** response in a e(/value approach.

    Parameter Description

    IS_HEADER Name/value pair as header parameter of the HTTP

    response.

    /I0)/I2+"30+CO45+SR5+R64*I")7S)*+H),)R which can be used to setadditional header &ields.*his is how a response loos be&ore the addition o& the custom header.

    0e can add the header in our data provider class using the &ollowing code:data: ls+header *8) ihttpnvp.ls+header-name 9 ,ccess-Control-,llow-Origin .

    ls+header-value 9 ;./iwbep/i&+mgw+conv+srv+runtime7set+header< ls+header =.*his sets the parameter in the response header.

    http://en.wikipedia.org/wiki/Web_pagehttp://en.wikipedia.org/wiki/Web_pagehttp://en.wikipedia.org/wiki/XMLHttpRequesthttp://en.wikipedia.org/wiki/XMLHttpRequesthttp://en.wikipedia.org/wiki/Domain_namehttp://en.wikipedia.org/wiki/Web_browsershttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/XMLHttpRequesthttp://en.wikipedia.org/wiki/Domain_namehttp://en.wikipedia.org/wiki/Web_browsershttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/Web_page

  • 8/17/2019 Handling Cross Origin Issue in Sap Gateway

    2/2

    Sometimes% services ma( return con&idential or person related data% where the 6ser ,gent isinvolved% and this data might implicitl( be cached depending on the users setting. *o removethis behavior% S, 4et0eaver 3atewa( can instruct the 6ser ,gent not to cache speci&icdata i& needed. *o avoid caching o& con&idential data% all 3)* methods returning such datamust set the Cache-Control-Header. *his again can be set using the same S)*+H),)Rmethod.

    data: ls+header t(pe ihttpnvp.ls+header-name 9 Cache-Control.ls+header-value 9 no-cache% no-store. set+header< ls+header =.ls+header-name 9 ragma.

    ls+header-value 9 no-cache. set+header< ls+header =.

     

    CustomHeader added