SAP Knowledge Base Article - Public

3205694 - Chrome configuration change: Private Network Access: introducing preflights in SAP Analytics Cloud (SAC) Live Connections

Symptom

  • An authentication error may occur and block access when using a DIRECT/CORS live data connection to on-premise data sources (see examples below) in SAP Analytics Cloud (SAC).
    • SAP Business Warehouse (BW),
    • SAP BW/4HANA,
    • SAP S/4HANA on-premise,
    • SAP HANA,
    • SAP HANA Extended Application Service Advance Model,
    • BPC Embedded (Live).
  • Affected preflight requests can also be viewed and diagnosed in the developer tools (CTRL + Shift + I) network panel.
  • Chrome network trace and console log will show error messages such as:
    • net::ERR_TIMED_OUT
    • Failed to load response data: No content available for preflight request

Environment

  • SAP Analytics Cloud Enterprise and Embedded (OEM)
  • Chrome version 102 and later

Cause

Chrome configuration issue: 1329248: Public --> Private CORS requests failing in some situations due to PNA

Resolution

  • Google has disabled the feature in the Chrome browser.
    • How to check:
      • Open a new Chrome browser tab.
      • Type in chrome://version/?show-variations-cmd into the Chrome address bar. 
      • Search for text: PrivateNetworkAccessSendPreflights/Disabled
    • If you have this text appearing in the Command-line variations section, then the feature is DISABLED, and SAC Live Connections will work as normal.
  • Google Chrome has issued a patch to only provide warnings in the browser if requests to remote (private) servers do not respond with Access-Control-Allow-Private-Network: true.
  • SAP Analytics Cloud development is aware of the changes coming in Chrome version 105 documented here:
  • SAP Analytics Cloud development is working on the issue internally with a variety of stakeholders.
  • If live connections stop working after upgrading to Chrome version 102, please follow the steps in the blog under the section:

Workaround (Only to be used if the PrivateNetworkAccessSendPreflights/Disabled setting is not present, see above on how to check).

The above change does not impact the current version of the Microsoft Edge browser. However, with the release of Edge version 102, the issue will be present there as well. The workarounds that are available for Google Chrome below will be the same for the Microsoft Edge browser.

If using Google Chrome. Please perform the steps below (the setting changes can be done either by end users or enterprise policies*):

  1. Open the Chrome browser.
  2. To enable Chrome flags, simply type in “chrome://flags” into the Chrome address bar.
  3. Search for "preflights".
  4. Change the below 2 settings from "Default" to "Disabled" (screenshot below shows the Default setting):
    • Send Private Network Access preflights
    • Respect the result of Private Network Access preflights
      Live_CORS_ISSUE.png
      Screenshot below shows the Disabled setting:
  5. Relaunch (or restart) the browser.

*Enterprise Policy changes:

  1. Please go to the Chrome Enterprise and Education Release Notes and the “Chrome sends Private Network Access preflights for subresources” section.
  2. As per the instructions listed, you can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.

See Also

Your feedback is important to help us improve our knowledge base.

Keywords

SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure, stopped, sap analyst cloud, https://hcs.cloud.sap, https://hanacloudservices.cloud.sap, https://cloudanalytics.accounts.ondemand.com, https://hanacloudservices-us.accounts.ondemand.com, https://www.sap.com, https://help.sap.com, predictive analytics (analysis), data analysis (analytics) tools, analytics tools, sap analytics cloud, data literacy, advanced analytics, data democratization, analytics software, real time analytics, self service analytics, advanced data analytics, analytics as a service, analytics cloud / cloud analytics, saas analytics, cloud bi, enterprise planning, cloud data analytics, cloud based analytics, analytics cloud platform, modern analytics, real time analysis, cloud analytics solution(s), what is sap analytics cloud, cloud analytics tools, analytics in the cloud, cloud analytics software, SAC - BW Live connection faild on Chrome 102 (Beta), In Chrome 102, released, authentication fails when connecting to SAC-BW Live data, authenticated without any problems in the same environment. issue check, fails failed failure prechecks, BW Live CORS: Solution for Preflight request -> Allow Private Network Access not fully documented?, Live Connections not working SAC upgrade, SAC - BW Live connection faild on Chrome 102 (Beta) fails failure failed , KBA , chrome chromium browsers , access-control-request-private-network , pna pre flights , sends a cors preflight request ahead , private network access , pna , "allow private network access" , cors-rfc1918 , sac cors chrome 102 , 3205694 , (failed)net::err_timed_out , config chagne changes changed change , chrome 102 cross origin sac kba , sac kba cors 102 , allow private network access not fully , bw live cors: solution for preflight req , preflights chrome 102 sac kba , headers icf rule icm cors , pna edge v105 warning , rewrte rules rewrite rule , sac & chrome v102, , LOD-ANA-LDC , SAC Live Data Connection , LOD-ANA-LDC-BW , SAC Live Data Connection BW , LOD-ANA-LDC-HAN , SAC Live Data Connection HANA , LOD-ANA-AUT , SAC Authentication / Login , LOD-ANA-ADM , SAC Administration , Problem

Product

SAP Analytics Cloud 1.0