Author: Vikas Kumar Singh

CORS for SAP PO REST Sender Adapter

I am someone who visits new blogs and posts on SAP Community almost every day, but I have realized that there are many standard settings which are not explained well in standard SAP blogs, and many people do not even get these requirements; some of us get them but never find time to share them with the world.

One such detail I came across was the CORS settings of the SAP PO Sender REST Adapter. The CORS settings are not much of a worry until you decide to call the APIs from AJAX, JavaScript or external scripts. The important CORS parameters available as a standard feature of the adapter are:

  1. Access-Control-Allow-Origin
    • Value = * (allow all URLs)
    • Value = URL of the origin (only specific URLs)
    • Value = null (not allowed)
  2. Access-Control-Allow-Credentials
    • Value = true (allow with credentials)
    • Value = false (allow without credentials)

Now here is the trick:

  1. Access-Control-Allow-Origin = * can only work without credentials
  2. If Access-Control-Allow-Credentials = true, then it will only work with Access-Control-Allow-Origin = specific-origin-url
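
The two rules above come from the check a browser applies to a cross-origin response. The JavaScript below is an added example, not code from the original post or from SAP; the function name `corsCheck` and the origin `https://app.example.com` are constructed for illustration. It reproduces that check in simplified form:

```javascript
// Simplified form of the CORS check a browser runs on a cross-origin response.
// requestOrigin: the calling page's origin; withCredentials: true when the call
// sends cookies or HTTP authentication (fetch credentials: "include").
function corsCheck(requestOrigin, withCredentials, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  const allowCreds = h["access-control-allow-credentials"];

  if (allowOrigin === undefined) {
    return { allowed: false, reason: "Access-Control-Allow-Origin missing" };
  }
  // The wildcard is honoured only for requests without credentials.
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard, no credentials" };
  }
  // Otherwise the header must equal the caller's origin exactly. A literal "*"
  // or a comma-separated list in the header value never matches.
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: "origin not allowed" };
  }
  if (!withCredentials) {
    return { allowed: true, reason: "origin match, no credentials" };
  }
  // With credentials the value must be exactly "true" (case-sensitive).
  if (allowCreds !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "origin match, credentials allowed" };
}

// Constructed sample responses, as seen by a page served from pageOrigin.
const pageOrigin = "https://app.example.com";
const samples = [
  [false, { "Access-Control-Allow-Origin": "*" }],
  [true, { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Credentials": "true" }],
  [true, { "Access-Control-Allow-Origin": pageOrigin, "Access-Control-Allow-Credentials": "true" }],
  [true, { "Access-Control-Allow-Origin": pageOrigin, "Access-Control-Allow-Credentials": "false" }],
];
for (const [creds, headers] of samples) {
  console.log(creds, JSON.stringify(headers), corsCheck(pageOrigin, creds, headers));
}
```

The header value that reaches the browser must carry a single origin, so a server that accepts several origins has to return the one that matches the request.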

Now let us see how these settings have to be maintained in SAP PO.



There are many other CORS settings that are not available as part of the adapter, but you can pass them in the RESULT headers. I will give you one example.



Hope this small and short blog will help fellow SAP folks here with their requirements some day. Keep sharing, keep learning.



      Rajesh PS

      Really good one Vikas.


      By the way, I'm more keen on the 'Allow only specific clients' CORS setting, wherein should we specify the identifiers or the complete URL? It would be great if you could give an example of this area.

      Vikas Kumar Singh
      Blog Post Author

      Hi Rajesh,


      The 2nd image in the blog mentions the parameter Allow only specific clients; there you can enter URLs (comma-separated if multiple URLs).



      Srikanth Mavuri

      Good one...


      Nice explanation.

      Vikas Kumar Singh
      Blog Post Author


      Thanks for your comments.