Technical Articles
XSA CORS configuration in mta.yaml
This has been configured in some of my previous blogs but I thought the topic deserved its own post, short and sweet.
When needing to set up CORS configuration I found that it could be placed in a user-provided variable after application deployment. This was done via the cockpit and became rather tedious after multiple deployments.
Whilst making unrelated changes to an mta.yaml file I had the simple realization, this can be directly configured per module. Simply place the following property against your module definition in the mta.yaml
any mta.yaml that requires CORS
modules:
- name: provider
type: html5
path: provider
properties:
CORS:
- uriPattern: .
allowedMethods:
- GET
- POST
allowedOrigin:
- host: '*.ondemand.com'
That is all there is to it, enjoy!
Hi Bradley,
Thanks for sharing this blog, it is really helpful.
Please share your input for my below query:
To setup HANA LIVE connection between same HANA DB and multiple SAC environments, can we have multiple hosts in "allowedOrigin" property of CORS variable?
Let me know if you need more inputs from me.
Thanks and Regards,
Hitesh Pathak
Hi Hitesh,
That is a great question, this is something I have not tried yet. A quick look at the README.md from the @sap/approuter node module says that you can:
Property | Type | Optional | Description
-------- | ---- |:--------:| -----------
allowedOrigin| Array | | A comma-separated list of objects that each one of them containing host name, port and protocol that are allowed by the server.for example: [{?host?: "www.sap.com"}] or [{?host?: ?*.sap.com?}]. **Note:** matching is case-sensitive. In addition, if port or protocol are not specified the default is ?_*_?. **Defaults:** none.
This example is referring to a json configuration, but the same should be achievable with the mta.yaml. Something like this perhaps?
Let me know if this helps.
Hi Bradley,
I get into the CORS problem while accessing xsodata service from ui5 application which is deployed on another server (my UI5 application is running on different server than my XSJS module). I tried adding CORS to the mta file but it still does not work.
Issue Details (facing the similar problem) : https://answers.sap.com/questions/314588/'no-'access-control-allow-origin'-header'-error-wh.html
Could you let me know where am I going wrong?
Thanks & Regards,
Mohammed Aftab
Hi Mohammed,
It is hard to tell exactly without seeing everything but it looks like you have placed the cors setting under the properties of the required module. this is incorrect.
it should be added directly to the properties of your module as in my initial example. in your case this would be your xsjs module.
hope this helps.
Hello,
I filled in your code in mta.yaml:
- name: Ereignisse
type: html5
path: Ereignisse
properties:
CORS:
-uriPattern: .
-allowedMethods:
-GET
-POST
-allowedOrigin:
-host: '*.ondemand.com'
... sorry. Wrong button pressed;-)
unfortunately it's not working: I get an error whenever I start my module:
Hello,
I found this error by myself. Now the syntax is correct. But it is still not working. I always get the same CORS error.
Kind regards
Ingo Carstens
hi ,
we tried adding in the MTA.YAML file in the xsjs module however it does not work. Is there anything we are missing?
thanks,
Saikrishna