When building SAP Fiori-like custom applications customers may have the concern that confidential data may be cached by the browser and may thus potentially remain on the device.

To avoid this behavior the response of our SAP NetWeaver Gateway OData service has to contain the following values in the HTTP header:

cache-control no-cache, no-store

pragma no-cache

There is fortunately the option for the SAP NetWeaver Gateway developer to instruct the User Agent not to cache specific data if needed.

We will enhance the simple sample service showing product data that I have descirbed in the following whitepaper

How to Develop a Gateway Service using Code based Implementation

The only thing we have to do is to add the following coding into the GET_ENTITYSET method I have taken from the SAP Online Help.

data: ls_header type ihttpnvp.

ls_headername = ‘Cache-Control’.

ls_headervalue = ‘no-cache, no-store’.

set_header( ls_header ).

ls_headername = ‘Pragma’.

ls_headervalue = ‘no-cache’.

set_header( ls_header ).

When running the following URI /sap/opu/odata/sap/ZPRODUCT_SRV/ProductSet in the SAP NetWeaver Gateway Client you will notice that the appropriate header values have been set.

no cache response.PNG

To report this post you need to login first.

6 Comments

You must be Logged on to comment or reply to a post.

    1. Vijay Vegesana

      Hello Andre,

      One quick question: I added two new fields in dev system and I am able to see the new fields in the metadata where as I am not getting Cache-control and Pragma in the HTTP response in Dev Environment.

      I have moved the same transport to QA and I am not able to see the new fields in the metadata.I compared the version in both DEV and QA, these are same.

      1) Cleared the cache in both front end and back end in QA.

      2) In HTTP response I am getting Cache-control and Pragma in QA Environment.

      Can you please let us know ASAP, as we got stuck here.

      Not able to see the added new fields in Quality system

      And also one more pointer:

      1) Please find the screen shots for DEV and QA for HTTP Responses.

      2) Is there any difference in Server Protocol HTTP/1.0 and HTTP 1.1

      3) In Dev it is showing as HTTP/1.0 and in QA it is showing as HTTP/1.1

      http://help.sap.com/saphelp_nw73/helpdata/en/4a/96b778948f5ff2e10000000a421937/content.htm

      Dev_Screenshot.png

      Can you please let us know is anything stopping us because of this HTTP Responses.

      Thanks

      Vijay

      (0) 
      1. Andre Fischer Post author

        Hi Vijay,

        the difference in both screen shots is not only the system but also the URL being called.

        In HQA you call the URL of the service document whereas in HQU you call the URL of the $metadata document.

        So you should try to call the same URL’s

        <service_root_URL>?$format=xml and

        <service_root_URL>/$metadata in both systems and only compare the response of the same URL .

        Regards,

        Andre

        (0) 
  1. Ioan Radulescu

    thanks, awesome stuff. I would like to know more about security with ODATA and SAPUI5. I think security is becoming fast the most important thing about developing software… And we’re very exposed with Web Applications so yeah, I’d take a course on that, if there is one.

    (0) 

Leave a Reply