Skip to Content
Technical Articles
Author's profile photo Bradley Smith

XSA CORS configuration in mta.yaml

This has been configured in some of my previous blogs but I thought the topic deserved its own post, short and sweet.

When needing to set up CORS configuration I found that it could be placed in a user-provided variable after application deployment. This was done via the cockpit and became rather tedious after multiple deployments.

 

Whilst making unrelated changes to an mta.yaml file I had the simple realization, this can be directly configured per module. Simply place the following property against your module definition in the mta.yaml

 

any mta.yaml that requires CORS

modules:
  - name: provider
    type: html5
    path: provider
    properties:
      CORS:
        - uriPattern: .
          allowedMethods:
            - GET
            - POST
          allowedOrigin:
            - host: '*.ondemand.com'

 

That is all there is to it, enjoy!

 

Assigned Tags

      8 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Hitesh Pathak
      Hitesh Pathak

      Hi Bradley,

      Thanks for sharing this blog, it is really helpful.

      Please share your input for my below query:

      To setup HANA LIVE connection between same HANA DB and multiple SAC environments, can we have multiple hosts in "allowedOrigin" property of CORS variable?

      Let me know if you need more inputs from me.

      Thanks and Regards,

      Hitesh Pathak

      Author's profile photo Bradley Smith
      Bradley Smith
      Blog Post Author

      Hi Hitesh,

      That is a great question, this is something I have not tried yet. A quick look at the README.md from the @sap/approuter node module says that you can:

      Property | Type | Optional | Description
      -------- | ---- |:--------:| -----------
      allowedOrigin| Array | | A comma-separated list of objects that each one of them containing host name, port and protocol that are allowed by the server.for example: [{?host?: "www.sap.com"}] or [{?host?: ?*.sap.com?}]. **Note:** matching is case-sensitive. In addition, if port or protocol are not specified the default is ?_*_?. **Defaults:** none.

      This example is referring to a json configuration, but the same should be achievable with the mta.yaml. Something like this perhaps?

      modules:
        - name: provider
          type: html5
          path: provider
          properties:
            CORS:
              - uriPattern: .
                allowedMethods:
                  - GET
                  - POST
                allowedOrigin:
                  - host: '*.ondemand.com'
                  - host: '*.sap.com'
                  - host: '*.google.com'

      Let me know if this helps.

       

       

      Author's profile photo Mohammed Aftab Altaf
      Mohammed Aftab Altaf

      Hi Bradley,

      I get into the CORS problem while accessing xsodata service from ui5 application which is deployed on another server (my UI5 application is running on different server than my XSJS module). I tried adding CORS to the mta file but it still does not work.

      Issue Details (facing the similar problem) : https://answers.sap.com/questions/314588/'no-'access-control-allow-origin'-header'-error-wh.html

      Could you let me know where am I going wrong?

      Thanks & Regards,

      Mohammed Aftab

      Author's profile photo Bradley Smith
      Bradley Smith
      Blog Post Author

      Hi Mohammed,

      It is hard to tell exactly without seeing everything but it looks like you have placed the cors setting under the properties of the required module. this is incorrect.

      it should be added directly to the properties of your module as in my initial example. in your case this would be your xsjs module.

      hope this helps.

      Author's profile photo Ingo Carstens
      Ingo Carstens

      Hello,

      I filled in your code in mta.yaml:

      - name: Ereignisse
      type: html5
      path: Ereignisse
      properties:
      CORS:
      -uriPattern: .
      -allowedMethods:
      -GET
      -POST
      -allowedOrigin:
      -host: '*.ondemand.com'

      Author's profile photo Ingo Carstens
      Ingo Carstens

      ... sorry. Wrong button pressed;-)

      unfortunately it's not working: I get an error whenever I start my module:

      Application is starting
      9/18/21 4:45:32.398 PM [APP/5-0] ERR
      9/18/21 4:45:32.402 PM [APP/5-0] ERR /hdb/FSS/xs/app_working/dghhdfss2001/executionroot/2625da8a-3a45-4b20-9cdd-e54fd61636b7/app/node_modules/@sap/approuter/lib/utils/JsonValidator.js:30
      9/18/21 4:45:32.402 PM [APP/5-0] ERR throw new VError('%s%s: %s',
      9/18/21 4:45:32.402 PM [APP/5-0] ERR ^
      9/18/21 4:45:32.402 PM [APP/5-0] ERR VError: cors-configuration: Invalid type: object (expected array)
      9/18/21 4:45:32.402 PM [APP/5-0] ERR at JsonValidator.validate (/hdb/FSS/xs/app_working/dghhdfss2001/executionroot/2625da8a-3a45-4b20-9cdd-e54fd61636b7/app/node_modules/@sap/approuter/lib/utils/JsonValidator.js:30:11)
      9/18/21 4:45:32.402 PM [APP/5-0] ERR at Object.validateCors (/hdb/FSS/xs/app_working/dghhdfss2001/executionroot/2625da8a-3a45-4b20-9cdd-e54fd61636b7/app/node_modules/@sap/approuter/lib/configuration/validators.js:314:15)
      What's wrong?
      Kind regards
      Ingo Carstens
      Author's profile photo Ingo Carstens
      Ingo Carstens

      Hello,

      I found this error by myself. Now the syntax is correct. But it is still not working. I always get the same CORS error.

       

      Kind regards

      Ingo Carstens

      Author's profile photo Saikrishna Venkata Gadi
      Saikrishna Venkata Gadi

      hi ,

      we tried adding in the MTA.YAML file in the xsjs module however it does not work. Is there anything we are missing?

      thanks,

      Saikrishna