Skip to Content
Technical Articles

XSA CORS configuration in mta.yaml

This has been configured in some of my previous blogs but I thought the topic deserved its own post, short and sweet.

When needing to set up CORS configuration I found that it could be placed in a user-provided variable after application deployment. This was done via the cockpit and became rather tedious after multiple deployments.

 

Whilst making unrelated changes to an mta.yaml file I had the simple realization, this can be directly configured per module. Simply place the following property against your module definition in the mta.yaml

 

any mta.yaml that requires CORS

modules:
  - name: provider
    type: html5
    path: provider
    properties:
      CORS:
        - uriPattern: .
          allowedMethods:
            - GET
            - POST
          allowedOrigin:
            - host: '*.ondemand.com'

 

That is all there is to it, enjoy!

 

/
4 Comments
You must be Logged on to comment or reply to a post.
  • Hi Bradley,

    Thanks for sharing this blog, it is really helpful.

    Please share your input for my below query:

    To setup HANA LIVE connection between same HANA DB and multiple SAC environments, can we have multiple hosts in “allowedOrigin” property of CORS variable?

    Let me know if you need more inputs from me.

    Thanks and Regards,

    Hitesh Pathak

    • Hi Hitesh,

      That is a great question, this is something I have not tried yet. A quick look at the README.md from the @sap/approuter node module says that you can:

      Property | Type | Optional | Description
      ——– | —- |:——–:| ———–
      allowedOrigin| Array | | A comma-separated list of objects that each one of them containing host name, port and protocol that are allowed by the server.for example: [{?host?: “www.sap.com”}] or [{?host?: ?*.sap.com?}]. **Note:** matching is case-sensitive. In addition, if port or protocol are not specified the default is ?_*_?. **Defaults:** none.

      This example is referring to a json configuration, but the same should be achievable with the mta.yaml. Something like this perhaps?

      modules:
        - name: provider
          type: html5
          path: provider
          properties:
            CORS:
              - uriPattern: .
                allowedMethods:
                  - GET
                  - POST
                allowedOrigin:
                  - host: '*.ondemand.com'
                  - host: '*.sap.com'
                  - host: '*.google.com'

      Let me know if this helps.

       

       

  • Hi Bradley,

    I get into the CORS problem while accessing xsodata service from ui5 application which is deployed on another server (my UI5 application is running on different server than my XSJS module). I tried adding CORS to the mta file but it still does not work.

    Issue Details (facing the similar problem) : https://answers.sap.com/questions/314588/'no-'access-control-allow-origin'-header'-error-wh.html

    Could you let me know where am I going wrong?

    Thanks & Regards,

    Mohammed Aftab

    /
    • Hi Mohammed,

      It is hard to tell exactly without seeing everything but it looks like you have placed the cors setting under the properties of the required module. this is incorrect.

      it should be added directly to the properties of your module as in my initial example. in your case this would be your xsjs module.

      hope this helps.