Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP Customer Checkout Call To Service Layer Failed

mohamed_abdelsattar
Participant

on ‎2020 Sep 23 12:17 PM

0 Likes
1,690

Hello Experts,

bikash.bansal anderson.schmitt gunther.sandtner2

We're trying to call SAP Business One from Customer Checkout via the Service Layer.

We're getting below error when we try to retrieve Sales Orders for example

I referenced this blog in order to use CCO in HTTPS mode, but couldn't locate/import the b1i.cer file?

Can you please advise how to overcome this and share any documentation in this regard?

Error

from origin 'http://localhost:9999' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

CCO Release/Version: 2.0 FP08 PL12/2.8.18

SAP B1 Version: HANA 9.3 PL08

Regards,

Mohamed

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

JoergAldinger
Active Contributor
‎2020 Sep 23 2:25 PM

Hello msattar ,

This occurs not due to something that you do on the CCO side, but due to a restriction in that respect in your browser when contacting the Service Layer. Make sure you configure your service layer with the following options (you can adjust the "allowed headers" to include only the ones you need):

Since you are in v9.3 of SAP, you will need to make that configuration in the file /usr/sap/SAPBusinessOne/ServiceLayer/conf/b1s.conf, like so:

"CorsEnable": true,
"CorsAllowedHeaders": "content-type, accept, b1s-caseinsensitive, prefer",
"CorsAllowedOrigins": "http://localhost:9999"

For more information, read chapter 3.20 in the "SAP Business One Service Layer User Manual".

Kindly mark as correct answer if this was helpful.

Best regards,

Joerg.

Show replies
Show replies
mohamed_abdelsattar
Participant
‎2020 Sep 23 6:22 PM
0 Likes

Thanks joerg.ceo, will try it and let you know.

If we've more than 1 origin, should we separate between them by comas or add extra lines?

Example

"CorsAllowedOrigins": "http://localhost:9991", "http://localhost:9992", "http://localhost:9993"

OR

"CorsAllowedOrigins": "http://localhost:9991"

"CorsAllowedOrigins": "http://localhost:9992"

"CorsAllowedOrigins": "http://localhost:9993"

JoergAldinger
Active Contributor
‎2020 Sep 23 6:26 PM
0 Likes

Hello msattar ,

You should separate by semicolon in this case:

"CorsAllowedOrigins": "http://localhost:9997;http://localhost:9998;http://localhost:9999"

You also need to restart Service Layer in order for the change to take effect:

/etc/init.d/b1s restart

Hope this helps.

Best regards,

Joerg.

mohamed_abdelsattar
Participant
‎2020 Sep 24 9:35 PM
0 Likes

Hi joerg.ceo

After modifying the configuration file and restarting the service layer, we received another error.

from origin 'http://localhost:9999' has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

We modified the b1s.conf file as follows but it didn't work; we received the very first error message instead (...No 'Access-Control-Allow-Origin' header is present on the requested resource).

"CorsEnable": true,

"CorsAllowedHeaders": "x-csrf-token, content-type, accept, b1s-caseinsensitive, prefer",

"CorsAllowedOrigins": "http://localhost:9999;http://localhost:9990;http://localhost:9090"

Any advice?

Refer to these screenshots for more details.

mohamed_abdelsattar
Participant
‎2020 Sep 24 9:49 PM
0 Likes

Dears mariatrinidad.martinezgea & ralph, do you've any inputs here?

mohamed_abdelsattar
Participant
‎2020 Sep 28 12:56 PM
0 Likes

Dears, I'm waiting for your valuable inputs.

joerg.ceo mariatrinidad.martinezgea ralph

JoergAldinger
Active Contributor
‎2020 Sep 28 1:47 PM
0 Likes

Dear msattar ,

I believe the solution revolves entirely around you setting up the service layer configuration to allow the required CORS header. At this stage I suggest you double-check your configuration, restart service layer once again and clear your browser cache completely before trying again.

If it still doesn't work, you need to look at the request and response headers of all requests made to Service Layer, especially the response to the initial OPTIONS request. Make sure to check the Access-Control-Allow-Headers response header to validate it includes the one you are receiving the error about.

Hope this helps,

Joerg.

mohamed_abdelsattar
Participant
‎2020 Sep 28 2:31 PM
0 Likes

Thanks joerg.ceo!

We made few changes in the configuration file and CCO request.

Also, installed a Chrome extension to enable CORS from browser.

Now, we receive different errors as below.

1) The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute
2) Response to preflight request doesn't pass access control check: It does not have HTTP ok status (if we removed withCredentials attribute from the code)

Mohamed

JoergAldinger
Active Contributor
‎2020 Sep 28 2:43 PM
0 Likes

I believe you need to keep the "withCredentials" attribute, not remove it.

Regards,

Joerg.

R_Zieschang
Active Contributor
‎2020 Sep 23 1:32 PM
0 Likes

Hi msattar ,

not knowing your REST Client implementation, but I would suggest adding CORS Headers into your request.

For more info:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

hth

Robert

Show replies
Show replies
mohamed_abdelsattar
Participant
‎2020 Sep 23 3:36 PM
0 Likes

Thanks Robert. We already checked this and didn't work.

Ask a Question