0

I developed an API in node.js and deployed it in cloud platform but while calling that API from SAP cloud platform, I am getting CORS error as below:

jquery-dbg.js:9208 Access to XMLHttpRequest at 'https://xxxxx.cfapps.us10.hana.ondemand.com/xxxxx' from origin 'https://webidetestingxxxxxxxxxxx.dispatcher.hanatrial.ondemand.com' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response

$.ajax({

    type: "POST",
    url: "https://xxxxxxx.cfapps.us10.hana.ondemand.com/xxxxxx",
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    crossDomain: "true",
    async: false,

    headers: {
        "Authorization": "Basic" + "***********",
        "Access-Control-Allow-Origin": "*"
    },
    data: JSON.stringify({
        text: "hi",
        subject: "body message"
    }),
                    
    success: function (data) {
        console.log("success" + data);
    },
    error: function (data) {
        console.log("error: " + data);
    }

});

Although I am using "Access-Control-Allow-Origin" in the header, no luck so far. Any help is much appreciated.

Serg
  • 2,346
  • 3
  • 29
  • 38
Nav
  • 9
  • 1
  • 4
    `Access-Control-Allow-Origin` is something your server has to set, not something the client sets. Please [read](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) about how the headers work for CORs. It's your server that has to authorize the browser to make a cross origin request. And, if you are going to be sending JSON as the `content-type`, then your server will also have to authorize the pre-flight OPTIONS request, not just the POST request. – jfriend00 Jun 23 '20 at 07:38
  • 3
    Plus `async:false` and `crossDomain: true` are not what you want with `$.ajax()`. Remove both of those. And, you can use a more current coding style and use the promise that `$.ajax()` returns rather than the older plain callback style as it's a lot more flexible way to code and compatible with other tools for managing asynchronous flow of control. – jfriend00 Jun 23 '20 at 07:40
  • Thank you for your response. It is solved by removing authorization in headers – Nav Jun 23 '20 at 17:47
  • I'd suggest the best way to do this with SAP WebIDE is to configure the neoapp.json file to include a destination that points to the SAP CloudFoundry URI you want to post data to. Otherwise you will have to change this URL from a dev to productive landscape. As an aside, this question is not strictly a duplicate of the generic CORs error as the answer here would be different. The cause is the same though. – orogers Jun 24 '20 at 15:48

0 Answers0