Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Handling Cross Origin Issue in Sap Gateway

    Încărcat de

    karan.wizard
    878 vizualizări2 pagini
    CORS allows JavaScript code running in a browser to make requests to another domain. The browser and server interact to determine whether to allow cross-origin requests for improved functionality over same-origin requests only, but with more security than unrestricted cross-origin access. The /IWBEP/IF_MGW_CONV_SRV_RUNTIME interface in SAP NetWeaver Gateway provides a SET_HEADER method to add custom headers, such as Access-Control-Allow-Origin, enabling cross-origin requests. It can also set Cache-Control and Pragma headers to no-cache values to avoid caching of confidential data returned from GET methods.

    Descriere originală:

    Handling Cross Origin Issues in SAP Gateway

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    DOCX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    CORS allows JavaScript code running in a browser to make requests to another domain. The browser and server interact to determine whether to allow cross-origin requests for improved functionality over same-origin requests only, but with more security than unrestricted cross-origin access. The /IWBEP/IF_MGW_CONV_SRV_RUNTIME interface in SAP NetWeaver Gateway provides a SET_HEADER method to add custom headers, such as Access-Control-Allow-Origin, enabling cross-origin requests. It can also set Cache-Control and Pragma headers to no-cache values to avoid caching of confidential data returned from GET methods.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca DOCX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    878 vizualizări2 pagini

    Handling Cross Origin Issue in Sap Gateway

    Încărcat de

    karan.wizard
    CORS allows JavaScript code running in a browser to make requests to another domain. The browser and server interact to determine whether to allow cross-origin requests for improved functionality over same-origin requests only, but with more security than unrestricted cross-origin access. The /IWBEP/IF_MGW_CONV_SRV_RUNTIME interface in SAP NetWeaver Gateway provides a SET_HEADER method to add custom headers, such as Access-Control-Allow-Origin, enabling cross-origin requests. It can also set Cache-Control and Pragma headers to no-cache values to avoid caching of confidential data returned from GET methods.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca DOCX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 2

    1.

    Handling the Cross-Origin Issue


    CORS: Cross Origin Resource Sharing is a mechanism that allows JavaScript on a web page to
    make XMLHttpRequests to another domain, not the domain the JavaScript originated from. Such
    "cross-domain" requests would otherwise be forbidden by web browsers, per the same origin security
    policy. CORS defines a way in which the browser and the server can interact to determine whether or
    not to allow the cross-origin request. It is more useful than only allowing same-origin requests, but it is
    more secure than simply allowing all such cross-origin requests.

    /IWBEP/IF_MGW_CONV_SRV_RUNTIME interface offers many useful methods. One of the


    methods offered by this interface is SET_HEADER which allows us to add a custom header
    enabling the cross origin requests.
    This method adds the header parameters to the HTTP response in a key/value approach.
    Parameter
    IS_HEADER

    Description
    Name/value pair as header parameter of the HTTP
    response.

    /IWBEP/IF_MGW_CONV_SRV_RUNTIME~SET_HEADER which can be used to set


    additional header fields.
    This is how a response looks before the addition of the custom header.

    We can add the header in our data provider class using the following code:
    data: ls_header TYPE ihttpnvp.
    ls_header-name = 'Access-Control-Allow-Origin' .
    ls_header-value = '*'.
    /iwbep/if_mgw_conv_srv_runtime~set_header( ls_header ).
    This sets the parameter in the response header.

    Custom
    Header
    added

    Sometimes, services may return confidential or person related data, where the User Agent is
    involved, and this data might implicitly be cached depending on the user's setting. To remove
    this behavior, SAP NetWeaver Gateway can instruct the User Agent not to cache specific
    data if needed. To avoid caching of confidential data, all GET methods returning such data
    must set the Cache-Control-Header. This again can be set using the same SET_HEADER
    method.
    data: ls_header type ihttpnvp.
    ls_header-name = 'Cache-Control'.
    ls_header-value = 'no-cache, no-store'. set_header( ls_header ).
    ls_header-name = 'Pragma'.
    ls_header-value = 'no-cache'. set_header( ls_header ).

    S-ar putea să vă placă și