I am someone who visits new blogs and posts on sap community almost everyday, but I have realized that there are so many standard settings which are not explained well in standard SAP blogs and even many people do not get these requirements, some of us get it but never find time to share it with the world.
- Value = * (allow all the URL)
- Value = url of the origin (only specific URLs
- Value = null (not allowed)
- Value = true (allow with credentials)
- Value = false (allow without credentials)
Now here the trick is
- If Access-Control-Allow-Origin = * can only work without credentials
- If Access-Control-Allow-Credentials = true , then it will only work with Access-Control-Allow-Origin =specific-origin-url
Now let us see how these setting have to maintained in SAP PO.
There are many other CORS settings but those are not available as part of adapter but you can pass them in the RESULT headers. I will give you one example
Hope this small and short blog will help fellow SAP folks here in their requirements some day. Keep sharing Keep Learning.