Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 

Recently Jerry is working on a POC: expose ABAP On-Premise function module STFC_CONNECTION via SAP Cloud Platform plus SAP Cloud Connector and consume it via Wechat app in my mobile phone.

The logic of this function module is simple: simply copy the value of importing parameter REQUTEXT to exporting parameter ECHOTEXT.

Deploy it to SAP Cloud Platform, and consume it via the following endpoint:

And then consume it in my Wechat message server. Since it is a POC, I simply hard code the endpoint in line 3:

The expected error message is raised: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How to resolve it?

Approach 1: Cross-Origin Resource Sharing

If we are allowed to manipulate server response via programming or configuration, we can then leveraging Cross-Origin Resource Sharing by adding header field Access-Control-Allow-Origin in HTTP response. The field value is set according to actual business requirement, acting as a white list.

Detail of this approach could be found from my blog Cross domain request in ABAP and Java

By the way, in SAP Cloud Platform Mobile Service for Development and Operations cockpit there is available settings for Cross Domain Access. However since my POC does not ultilize SAP Cloud Platform Mobile Service, this setting does not help.

Approach 2: JSONP

Just the same as approach 1, some server side development is also needed. Solution detail:

Unfortunately in my use case, it is not possible for me to directly manipulate the HTTP response headers. As a result this approach does not help either.

Approach 3: Develop a ProxyServlet

When Jerry was doing SAP CRM Fiori development, I was using Eclipse as IDE, and deploy the application to a local Tomcat server for unit test, where the application with domain localhost:8080 can still access OData service in On-Premise system without any Cross Domain issue. Why? Because a Proxy Servlet was deployed to Tomcat server as well. The HTTP request sent by Fiori JavaScript code was intercepted by Proxy Servlet, which then sends the request to On-Premise system via Java code. The response got from On-Premise system was sent back to Fiori JavaScript code.

More detail of such Servlet could be found from my blog Explore the

So now we can start to develop our own Proxy Servlet. The source code of the whole Java web project could be found from my github.

Below are some keypoints:

1. In index.html the AJAX request is actually sent to ProxyServlet: pay attention to the proxy fragment in request url in line 3 below:

2. Develop a ProxyServlet to intercept those requests whose url contain "proxy". Then use Java code to consume API hosted in SAP Cloud Platform:

Test and it works as expected: the HTTP request sent from localhost domain could consume the API in SCP.

I just googled and found there is already a Github project published by SAP to achieve the same requirement. For details please refer to this blog Get around cross-origin issues in your JavaScript applications using a proxy.

Further reading

1 Comment