Cross Origin Resource Sharing. Leverage SAP CORS policy on SAP Business Accelerator Hub with the api-gateway #892
Comments
|
@ptesny thanks for reporting that. what kind configuration do you have in mind. i had a quick look at your gist and it seems pretty relaxed / too general to me. on the other hand it seems to me that example to came up with is based on very specific usage and somehow does not sound to me it should be used as default. There is already possibility to configure CORS on APIRule so maybe writing a blog post or sap specific tutorial would be more useful in this case. |
|
From my point of view the CORS policy provided by SAP Business Accelerator Hub is way to generic and relaxed. I agree to what @strekm already said, having a blog post how to add a valuable CORS policy is much more valuable than defining a weak default and giving the impression of security. |
|
The idea was to provide a ready made CORS policy that could be applied with one click in the api rule. PS. |
Description
Cross Origin Resource Sharing. Leverage SAP CORS policy available on SAP Business Accelerator Hub with the api-gateway
https://gist.github.com/ptesny/a2e7000814aa7bdc6795016e708675b5#cors-policy-on-sap-business-accelerator-hub
SAP Business Accelerator Hub is like an Alibaba's cavern. Except, no need to be a thief. Everything is in plain sight.
SAP Business Accelerator Hub offers a trove of public resources, namely
Reasons
Cross-ecosystem alignment.
Applying predefined CORS policy value will make it easier to apply the correct CORS settings.
DoD:
Attachments
https://gist.github.com/ptesny/a2e7000814aa7bdc6795016e708675b5#cross-origin-resource-sharing
https://gist.github.com/ptesny/a2e7000814aa7bdc6795016e708675b5#cors-policy-on-sap-business-accelerator-hub
The text was updated successfully, but these errors were encountered: