I am someone who visits new blogs and posts on sap community almost everyday, but I have realized that there are so many standard settings which are not explained well in standard SAP blogs and even many people do not get these requirements, some of us get it but never find time to share it with the world.

One of such detail I came across was the CORS settings with SAP PO Sender REST Adapter. The CORS settings are not much of a worry till the time you decide calling the APIs from AJAX, JavaScripts or externals scripts. The important CORS parameters which are available as standard feature in adapter are

1. Access-Control-Allow-Origin
   
   
   
   • Value = * (allow all the URL)
   
   
   • Value = url of the origin (only specific URLs
   
   
   • Value = null (not allowed)
   
   
   
   


2. Access-Control-Allow-Credentials
   
   
   
   • Value = true (allow with credentials)
   
   
   • Value = false (allow without credentials)
   
   
   
   

Now here the trick is

1. If Access-Control-Allow-Origin = * can only work without credentials


2. If Access-Control-Allow-Credentials = true , then it will only work with Access-Control-Allow-Origin =specific-origin-url

Now let us see how these setting have to maintained in SAP PO.



 





 

There are many other CORS settings but those are not available as part of adapter but you can pass them in the RESULT headers. I will give you one example

 



 

Hope this small and short blog will help fellow SAP folks here in their requirements some day. Keep sharing Keep Learning.