Closed krisho007 closed 5 years ago
Are you running from Fiori Launchpad, Fiori Client? Or else?
Check if you can add the service to the destinations, or better see the discussion here https://answers.sap.com/questions/99498/cors-issue-with-chrome.html
I am running from Fiori Launchpad, but On-Premise. So no chance for the destination.
Check the below code from abap.js.
As you see in the above image, URL is pointing to an external API, still, UI5 adds "X-XHR-Logon".
What I did in this case was the following workaround:
_overrideRequestPrototype: function () {
if (!XMLHttpRequest._SAP_ENHANCED) {
return;
}
this.__send = XMLHttpRequest.prototype.send;
XMLHttpRequest.prototype.send = function (oBody) {
let oChannel = {};
this._checkEventSubscriptions();
try {
oChannel = this._channel;
this._saveParams(oBody);
this._send(oBody);
if (oChannel) {
oChannel.sent();
}
} catch (oError) {
if (oChannel) {
oChannel["catch"](oError);
} else {
throw oError;
}
}
};
},
_restoreRequestPrototype: function () {
if (!XMLHttpRequest._SAP_ENHANCED) {
return;
}
XMLHttpRequest.prototype.send = this.__send;
}
Call the first method immediately before sending the request, the second one in the success/error callback
Thanks, @mschleeweiss for the workaround. But I do not have control on (when) this external API call. Nevertheless, this is a bug. There is no point sending x-xhr-logon http header to a public, non-SAP API.
Little more details on the impact of this bug.
So what happens when UI5 sends an unnecessary x-xhr-logon http header to a public, CORS compliant API?
In summary, because of this bug UI5 is forcing the use of a proxy product even when it is not required. Thus increasing the TCO (total cost of ownership) unnecessarily.
The header is not set or handled by OpenUI5, but within the Fiori Launchpad / SAPUI5. Therefore I'm closing this issue here. Please use the corresponding SAP support channels instead.
Hi @krisho007, you have the chance for a "destination" also on premise. Get your SAP basis admins to install a Web Dispatcher in front of the Lauchpad and reverse proxy the external API. CU Gregor
Hi @gregorwolf , Yeah I am aware of Web Dispatcher. But I do not want to do it as the third party API is CORS compliant (returns Access-Control-Allow-Origin: * ). SAPUI5 should fix this.
The code you mention is not handled by this project. Run an incident through the support system and my colleagues will route you to the correct team/project in order to get details about authentication in FLP
But I do not have control on (when) this external API call.
Can you elaborate on this? Is this API used somewhere in the SAP standard?
Hi Krisho007,
what is the solution to this issue please suggest.I am also getting same error. BR, Ram
@gregorwolf : I use an external JS library, which makes further calls to external CORS compliant library. These 'further calls' are not directly initiated by my code, thus I cannot rout them through the web dispatcher.
@rkmishra2703 : SAP has replied that issue is with Fiori Launchpad. (as @matz3 rightly pointed out). I will update here when I get a solution.
SAP has provided a solution. This issue is resolved with SAPUI5 version 1.60.9. Thought it will be useful to anyone coming here by searching.
Hi @krisho007 do you happen to have the SAP Note number for that issue?
@fabiopagoti There is no Note for it. SAP replied that the bug is resolved with 1.60.9 and I have verified it.
OpenUI5 version: 1.56.7
Browser/version (+device/version): Chrome
Any other tested browsers/devices(OK/FAIL): IE works fine.
Steps to reproduce the problem:
What is the expected result? Do not send header x-xhr-logon header along with the request to external API.
What happens instead? Sends unwanted http headers.