While the SAP Cloud Platform Open Connectors UI utilizes browser-based cross-origin resource sharing (CORS) protections, those protections are bypassed if you make calls to any of our APIs which include
/api-v2. Because the SAP Cloud Platform Open Connectors APIs do not offer any inherent CORS protection, users and developers are responsible for the management of any necessary CORS-related protections. As always, we strongly recommend you implement any relevant best practices to ensure security for your account, resources, etc.
Things to Know
Any calls made to the SAP Cloud Platform Open Connectors API server (any calls to our server including /api-v2, regardless of environment) will not return the Access-Control-Allow-* headers associated with the response header, regardless of whether the client sends the header or not.
When the HTTP request provides the Origin header and the origin is whitelisted from a CORS perspective by the API, return any Access-Control-* headers with the Origin header's value. This is an instance of same origin policy (SOP); see Additional Information for more.
Troubleshooting CORS Issues
Issues or errors regarding CORS are likely being caused by the connecting application, not SAP Cloud Platform Open Connectors. To troubleshoot, check that the application you are attempting to connect with is configured to allow communication outside of its own domain.
To learn more about implementing best practices for CORS protection or related information, contact Customer Success or see the following documentation: