Get around cross-origin issues in your JavaScript applications using a proxy
Hi,
if you develop JavaScript applications, you are surely aware of the same-origin policy of browsers. It restricts the application to requesting resources only from its own domain, while requests to any other domain are blocked.
To solve this, you have one of two choices: either follow the CORS standard supported by the good guys of the browsers (guess what – the usual suspects of browsers don’t support it), or use a proxy within your Web application which is able to dispatch requests to resources of other domains.
For the CORS approach, there is already a nice blog from Joanna Chan here in SCN. CORS is a good choice if you don’t need to support older browsers, like IE version 8 or 9, and if you are able to securely control the allowed originating domains in your server application or service.
If you can’t use the CORS approach for your scenario due to browser or security limitations, the other choice is to use a proxy within your Web application. For this, we have released a Connectivity Proxy component on sap.github.io under Apache License v2. This component provides a simple Java proxy servlet that makes use of the SAP HANA Cloud Connectivity Service to dispatch HTTP requests to resources from other domains. Using the Connectivity Service, the proxy is also able to dispatch to on-premise resources, using Destinations and the SAP HANA Cloud Connector. This way you can easily call, for instance, SAP NetWeaver Gateway systems which are located in a secured network from your JavaScript application running in the cloud.
Check out the sources and further documentation directly on github. As we follow an open-source approach here, you are also welcome to propose changes or extensions in case you spot areas in the proxy that should be improved.
Hi Timo,
Thanks for releasing this ProxyServlet on GitHub. I just used it to connect a SAPUI5 application to my local Gateway system using Destinations. It works like a charm 🙂
Cheers,
Leo
Hi Leo,
good to hear 😳. In case you find something to be added, please let me know.
Regards, Timo
Very cool! I have to admit I didn't even know about sap.github.io 🙂
And of course, thank you very much for sharing!!
Today we released version 0.1.2. of the connectivity proxy on github which adds some improvements in the security area:
If you use the connectivity proxy in productive scenarios, we recommend upgrading to the new version.
Best regards,
Timo
Hi Timo - while the .docx instructions on github have been updated to include the new whitelist destination syntax, the .pdf instructions still need to be refreshed to reflect the new syntax:
<url-pattern>/proxy/yourDestinationName1/*</url-pattern>
<url-pattern>/proxy/yourDestinationName2/*</url-pattern>
Thanks for this tool!
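The allow-list idea behind the url-pattern entries above, sketched in JavaScript as an added example (not part of this comment and not the connectivity proxy's own code): only requests of the form /proxy/<destinationName>/... for a configured destination are forwarded, and the rest of the path cannot leave that destination's base URL. The destination names reuse the placeholders above; the base URLs and the function name resolveProxyTarget are assumptions.

```javascript
// Constructed allow-list: destination name -> base URL (hypothetical values).
const DESTINATIONS = new Map([
  ["yourDestinationName1", "https://gateway.example.com:8443/sap/opu/odata/"],
  ["yourDestinationName2", "https://api.example.com/v1/"],
]);

// Resolve /proxy/<destination>/<rest> to the URL the proxy may call,
// or return null when the request must be rejected.
function resolveProxyTarget(requestPath) {
  const match = /^\/proxy\/([^\/?#]+)\/(.*)$/.exec(requestPath);
  if (!match) return null;                 // not a proxy path at all
  const [, name, rest] = match;

  const base = DESTINATIONS.get(name);
  if (!base) return null;                  // destination is not on the allow-list

  // Decode once so encoded dot segments (%2e%2e) are seen as what they are.
  let decoded;
  try {
    decoded = decodeURIComponent(rest);
  } catch {
    return null;                           // malformed percent-encoding
  }
  if (/(^|[\/\\])\.\.([\/\\]|$)/.test(decoded)) return null;  // path traversal

  // Let the URL parser normalise, then verify the result is still inside
  // the destination: same origin and below the configured base path.
  const baseUrl = new URL(base);
  let target;
  try {
    target = new URL(rest, baseUrl);
  } catch {
    return null;
  }
  if (target.origin !== baseUrl.origin) return null;          // host switched
  if (!target.pathname.startsWith(baseUrl.pathname)) return null;
  return target.href;
}
```

A proxy that instead forwards to any URL supplied by the client becomes an open relay into whatever network it can reach, which is why the destination name is looked up rather than trusted.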
Hi Geoffrey,
thanks for the hint. I will update the pdf soon with the correction.
Regards, Timo
Hi Tim
Thanks for the Connectivity servlet, it's really helpful.
I am using this to develop a UI which accesses the ODATA service from a "cloud for customer" system. I am able to configure this for local testing, but on the cloud with an https URL I get a "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" exception, and with an http request I get "502 bad Gateway".
This issue might not be related to the cross origin issue but can you help me with this?
Regards
Priyal
For anyone developing a UI5 client application without Maven, Java, or Eclipse: demoed here is a very lightweight approach with Node.js (a sample is included for working behind a corporate proxy) and an even lighter-weight browser-based approach using request hijacker and corsproxy.com