SAP Knowledge Base Article - Preview

3125076 - CORS issue in Hybris 2105


When opening jsapps homepage, some requests are in status "Cors erros", in console tab, below error shows: 

Access to XMLHttpRequest at 'https://<api domain>/occ/v2/powertools-spa/cms/pages?pageType=CategoryPage&code=brands&lang=en&curr=USD' from origin 'https://<jsapps domain>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Further confirmed with postman, access the same URL, with "Origin" request header set to https://<jsapps domain>, it returns:

"When allowCredentials is true, allowedOrigins cannot contain the special value \"*\" since that cannot be set on the \"Access-Control-Allow-Origin\" response header. To allow credentials to a set of origins, list them explicitly or consider using \"allowedOriginPatterns\" instead."



SAP Commerce Cloud


SAP Commerce Cloud 2105


CORS, allowCredentials, allowedOrigins, allowedOriginPatterns , KBA , CEC-COM-ADM-BO , Backoffice , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.