Skip to Content

Hi,

if you develop JavaScript applications you are surely aware of the same-origin-policy of browsers. This limits the application to request resources only from its own domain, while requests to any other domain will be blocked.

To solve this, you have one of two choices: either follow the CORS standard supported by the good guys of the browsers (guess what – the usual suspects of browsers don’t support it), or use a proxy within your Web application which is able to dispatch requests to resouces of other domains.

For the CORS approach, there is already a nice blog from Joanna Chan here in SCN. CORS is a good choice if you don’t need to support older browsers, like IE version 8 or 9, and if you are able to securely control the allowed originating domains in your server application or service.

If you can’t use the CORS approach for your scenario due to browser or security limitations, the other choice is to use a proxy within your Web application. For this, we have released a Connectivity Proxy component on sap.github.io under Apache License v2. This component provides a simple Java proxy servlet that makes use of the SAP HANA Cloud Connectivity Service to dispatch HTTP requests to resources from other domains. Using the Connectivity Service, the proxy is also able to dispatch to on-premise resources, using  Destinations and the SAP HANA Cloud Connector. By this you can easily call, for instance, SAP NetWeaver Gateway systems which are located in a secured network from your JavaScript application running in the cloud.

Check out the sources and further documentation directly on github. As we follow an open-source approach here, you are also welcome to propose changes or extensions in case you spot areas in the proxy which shall be improved.

To report this post you need to login first.

8 Comments

You must be Logged on to comment or reply to a post.

  1. L. van Hengel

    Hi Timo,

    Thanks for releasing this ProxyServlet on GitHub. I just used it to connect a SAPUI5 application to my local Gateway system using Destinations. It works like a charm 🙂

    Cheers,

    Leo

    (0) 
  2. Former Member Post author

    Today we released version 0.1.2. of the connectivity proxy on github which adds some improvements in the security area:

    • You now need to whitelist the destinations used by an application on servlet level. This prevents that unintended destinations can be called by the client application.
    • We added an abstract class SecurityHandler which is meant to handle additional security related tasks. As of today, it provides a method used to filter out response headers sent by the backend to the proxy which should not be passed through to the client.

    If you use the connectivity proxy in productive scenarios, we recommend to ugrade to the new version.

    Best regards,

      Timo

    (0) 
    1. Geoffrey Mantel

      Hi Timo – while the .docx instructions on github have been updated to include the new whitelist destination syntax, the .pdf instructions still need to be refreshed to reflect the new syntax:

        <url-pattern>/proxy/yourDestinationName1/*</url-pattern>

        <url-pattern>/proxy/yourDestinationName2/*</url-pattern>

      Thanks for this tool!

      (0) 
  3. Priyal Choubey

    Hi Tim

    Thanks for Connectivity servlet, its really helpful.

    I am using this to develop a UI which access the ODATA service from “cloud for customer” system. i am able to configure this for local testing but on cloud with https url i get “javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated” exception and with http request i get “502 bad Gateway”

    This issue might not be related to the cross origin issue but can you help me with this?

    Regards

    Priyal

    (0) 
  4. Former Member

    For anyone developing a UI5 client application without Maven, Java, or Eclipse. Demoed here is a very light weight approach with Node.js (a sample included for working behind corporate proxy) and an even lighter weight browser based approach using request high-jacker and corsproxy.com

    (0) 

Leave a Reply