I'm not able to get CORS working for XS services running on my HANA rev92 server. My JavaScript client is returning "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:36262' is therefore not allowed access."
The issue is similar to CORS Issue while consuming Hana's OData and I've tried all the remedies suggested there. If you read the exchange carefully, you'll see that although the narrower question about CORS with authentication is answered, people have added to the post with questions that haven't been answered. In particular, people are wondering if CORS is working on SPS9.
So, here are my questions:
- In the other discussion, Herr Jung says we should enable CORS using the XS Admin tool, not with the .xsaccess file. It isn't clear to me what happens if the settings in .xsaccess differ from settings in the tool. Is it correct to assume that the XS Admin tool overrides .xsaccess?
- These settings below are not working for me. What am I missing? Do I need to allow "Exposed Headers"?
- I can't figure out how to add items to the "Exposed Headers" section. I can open the "Add Exposed Header" dialog but pressing the "Add" button results in JavaScript errors. See below for screenshots. Is this a bug? If so, Is there a workaround?
Add Exposed Header dialog not working:
Pressing Add Button results in JavaScript Error:
