我可以使用浏览器弹出窗口用户ID和密码通过JSONP / CORS从SAP访问Web服务。
现在,我必须通过请求标头发送来禁止用户ID和密码弹出。
由于预检请求首先将HTTP OPTIONS请求标头发送到另一个域上的资源,为了确定实际请求是否可以安全发送,SAP Server会在OPTIONS请求上给出401错误。现在,我已经看到人们在Apache,PHP等中禁用了OPTIONS的身份验证。如何在SAP中实现相同的目标。
function submitCRM() {
var url = "https://xxxx:8400/sap/bc/ztrees_rest_rep/get_ticket?sap-client=200";
var credentials = "username:password";
var getJSON = function (url) {
return new Promise(function (resolve, reject) {
var xhr = new XMLHttpRequest();
debugger;
console.log(window.location);
console.log(window.location.origin);
xhr.open('GET', url, true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Accept", "application/json");
// xhr.responseType = 'application/json';
xhr.setRequestHeader("Authorization", "Basic" + btoa(credentials));
xhr.withCredentials = false;
xhr.onload = function () {
var status = xhr.status;
if (status == 200) {
resolve(xhr.response);
} else {
reject(status);
}
};
xhr.send();
});
};
getJSON(url).then(function (data) {
console.log(data);
});
在服务器端,我添加了这些,
server->response->set_header_field( name = 'Access-Control-Allow-Methods'
value = 'GET,HEAD,OPTIONS,POST,PUT' ).
server->response->set_header_field( name = 'Cache-Control'
value = 'no-cache, no-store' ).
server->response->set_header_field( name = 'Pragma'
value = 'no-cache' ).
server->response->set_header_field( name = 'Access-Control-Allow-Origin'
value = 'https://localhost:44300' ).
server->response->set_header_field( name = 'Access-Control-Allow-Credentials'
value = 'true' ).
server->response->set_header_field( name = 'Access-Control-Allow-Headers'
value = 'Authorization,X-ACCESS_TOKEN,Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers' ).
server->response->set_content_type( 'application/json' ).
我对如何解决这个问题毫无头绪。 请帮助。
由于