handling cross origin issue in sap gateway
TRANSCRIPT
-
8/17/2019 Handling Cross Origin Issue in Sap Gateway
1/2
1. Handling the Cross-Origin Issue
CORS: Cross Origin Resource Sharing is a mechanism that allows JavaScript on a web page tomae !"#HttpRe$uests to another domain% not the domain the JavaScript originated &rom. Such'cross-domain' re$uests would otherwise be &orbidden b( web browsers% per the same origin securit(polic(. CORS de&ines a wa( in which the browser and the server can interact to determine whether or
not to allow the cross-origin re$uest. It is more use&ul than onl( allowing same-origin re$uests% but it ismore secure than simpl( allowing all such cross-origin re$uests.
/IWBEP/IF_MGW_CONV_SRV_RUNTIME inter&ace o&&ers man( use&ul methods. One o& themethods o&&ered b( this inter&ace is S)*+H),)R which allows us to add a custom headerenabling the cross origin re$uests.*his method adds the header parameters to the H** response in a e(/value approach.
Parameter Description
IS_HEADER Name/value pair as header parameter of the HTTP
response.
/I0)/I2+"30+CO45+SR5+R64*I")7S)*+H),)R which can be used to setadditional header &ields.*his is how a response loos be&ore the addition o& the custom header.
0e can add the header in our data provider class using the &ollowing code:data: ls+header *8) ihttpnvp.ls+header-name 9 ,ccess-Control-,llow-Origin .
ls+header-value 9 ;./iwbep/i&+mgw+conv+srv+runtime7set+header< ls+header =.*his sets the parameter in the response header.
http://en.wikipedia.org/wiki/Web_pagehttp://en.wikipedia.org/wiki/Web_pagehttp://en.wikipedia.org/wiki/XMLHttpRequesthttp://en.wikipedia.org/wiki/XMLHttpRequesthttp://en.wikipedia.org/wiki/Domain_namehttp://en.wikipedia.org/wiki/Web_browsershttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/XMLHttpRequesthttp://en.wikipedia.org/wiki/Domain_namehttp://en.wikipedia.org/wiki/Web_browsershttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/Same_origin_policyhttp://en.wikipedia.org/wiki/Web_page
-
8/17/2019 Handling Cross Origin Issue in Sap Gateway
2/2
Sometimes% services ma( return con&idential or person related data% where the 6ser ,gent isinvolved% and this data might implicitl( be cached depending on the users setting. *o removethis behavior% S, 4et0eaver 3atewa( can instruct the 6ser ,gent not to cache speci&icdata i& needed. *o avoid caching o& con&idential data% all 3)* methods returning such datamust set the Cache-Control-Header. *his again can be set using the same S)*+H),)Rmethod.
data: ls+header t(pe ihttpnvp.ls+header-name 9 Cache-Control.ls+header-value 9 no-cache% no-store. set+header< ls+header =.ls+header-name 9 ragma.
ls+header-value 9 no-cache. set+header< ls+header =.
CustomHeader added