/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
When opening jsapps homepage, some requests are in status "Cors erros", in console tab, below error shows:
| Access to XMLHttpRequest at 'https://<api domain>/occ/v2/powertools-spa/cms/pages?pageType=CategoryPage&code=brands&lang=en&curr=USD' from origin 'https://<jsapps domain>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. |
Further confirmed with postman, access the same URL, with "Origin" request header set to https://<jsapps domain>, it returns:
| "When allowCredentials is true, allowedOrigins cannot contain the special value \"*\" since that cannot be set on the \"Access-Control-Allow-Origin\" response header. To allow credentials to a set of origins, list them explicitly or consider using \"allowedOriginPatterns\" instead." |
Read more...
Environment
SAP Commerce Cloud
Product
SAP Commerce Cloud 2105 ; SAP Commerce Cloud 2205 ; SAP Commerce Cloud 2211
Keywords
CORS, allowCredentials, allowedOrigins, allowedOriginPatterns , KBA , CEC-SPA , SAP Commerce Cloud Spartacus , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)