Skip to Content
Technical Articles

SOP stops CBTA

If you work in a S/4 HANA implementation project, it is very likely that you come across an architecture where you have a frontend server consisting of the FIORI applications and one or more backend servers.

In such architectures the FIORI Frontend Server (FES) is either deployed on premise as a Hub or within the SAP Cloud. Let us assume you have an architecture like SAP FIORI FES as Hub. You could either face just one backend server, e.g. S/4 HANA or different ones for different applications (S/4 HANA, CRM, CAR, etc.).

Image: SAP FIORI deployment options


Now, you want to automate some test cases with SAP CBTA. As the users will always login to the FIORI FES starting the Launchpad and from there either use a dedicated FIORI application or a transaction rendered in the current FIORI theme you want to start your recording there. In case of a FIORI application you will not encounter any surprises.

This will be different for a transaction rendered in the FIORI theme.

You do the recording with CBTA on any supported browser and it will be successful, and you get a test script generated. Next you will try to execute it to assure that it is doing what it should do. You may have already created a data container and a test configuration. – But to your surprise you will get error messages during execution. You will notice that after leaving the FIORI Launchpad no further UI objects get recognized.

Something must be wrong with the recorded URIs for the objects!

You start the object spy and want to spy the first UI object which was not recognized. To your second surprise the object is not recognized by the spy. It does not reveal any object properties! You will get some error message. The content of the error message will depend on your CBTA version and should be more precise and understandable from version onwards.

Image: Only the top of the Page is recognized, no object (e.g. More) in the Frame below


In order to understand the cause of the symptoms we need to know the following terms or policies.

Same Origin Policy

The same-origin policy (SOP) restricts which network messages one origin can send to another. An origin is defined by the scheme, host, and port of a URL. This is a security policy and prevents client scripts (e.g. JavaScript) to load content from an origin that differs from the visited web site.

Cross Origin Resource Sharing

The term Cross Origin Resource Sharing (CORS) was introduced by W3C as a recommendation to provide a mechanism to bypass the SOP. User agents which allow cross-origin requests typically include an http authentication and cookies. In this recommendation 3 further techniques are specified.

    • An Access-Control-Allow-Origin header can be included in the response with the origin that is allowed to send such a request
    • User agents can use a preflight request to figure out if the server would accept such a request
    • Server-side applications can discover an Origin in the header of the request to decide if they want to respond

Next, we need to understand CBTA in more detail.

The CBTA recorder and the CBTA execution and object spy use different technologies to interact with Frames in a Web Page! The CBTA recorder is built on top of browser extensions whether the CBTA execution and object spy are using JavaScript. – This means a recording can pass but the execution of the generated script can fail!

We did try to implement the Access-Control-Allow-Origin technique on the S/4 HANA backend server, but it was not successful.

Therefore, your only solution depends on the Browser which you are using.

MS Internet Explorer

In case you want to record and execute CBTA scripts with Internet Explorer you can use the compatibility mode of the object spy to activate an older implementation version (SAP Note: 2727630). This version will recognize the objects and with manual adjustments of the generated script you can execute it successful. Unfortunately, the performance of that object spy version is very poor.

Other Browsers

In case you want to or have to use other browsers you will have to use executables directly on the backend server. This way you can still test the functionality, but you will not be able to spot any rendering issues with the test script which the user may face, and you will not be able to identify any communication issues between the frontend and the backend server.

If you are not happy with the above restrictions, you will have to choose a different test automation tool than CBTA. Micro Focus UFT for example has no issues with such architectures! You can create with UFT a test script through standard recording and you will notice that in your script such Frames will be identified!

In case of descriptive programming you have to add the Frame object to your object hierarchy.

Browser("Enter Vendor Invoice:").Page("Enter Vendor Invoice:").Frame("Frame").WebEdit("Company Code").Set "PT09"
Browser("Enter Vendor Invoice:").Page("Enter Vendor Invoice:").Frame("Frame").WebButton("M1:50::btn[0]").Click





Be the first to leave a comment
You must be Logged on to comment or reply to a post.