When opening jsapps homepage, some requests are in status "Cors erros", in console tab, below error shows:
Access to XMLHttpRequest at 'https://<api domain>/occ/v2/powertools-spa/cms/pages?pageType=CategoryPage&code=brands&lang=en&curr=USD' from origin 'https://<jsapps domain>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Further confirmed with postman, access the same URL, with "Origin" request header set to https://<jsapps domain>, it returns:
"When allowCredentials is true, allowedOrigins cannot contain the special value \"*\" since that cannot be set on the \"Access-Control-Allow-Origin\" response header. To allow credentials to a set of origins, list them explicitly or consider using \"allowedOriginPatterns\" instead."
SAP Commerce Cloud
CORS, allowCredentials, allowedOrigins, allowedOriginPatterns , KBA , CEC-COM-ADM-BO , Backoffice , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.