Hi Thomas ,
I'm having the exact same issue now in SP9 and it was working on SP8
here is my .xsaccess file:
{
"exposed" : true,
"authentication" :null,
"force_ssl" : true,
"prevent_xsrf" : false,
"anonymous_connection" : "mypackage.application::AnonConn",
"cors" :
{
"enabled" : true,
"allowMethods":["GET","POST","HEAD","OPTIONS"],
"allowOrigin":["my.server.me"],
"allowCredential":true,
"exposeHeaders": "access-control-allow-headers,access-control-allow-origin,access-control-expose-headers,authorization",
"allowHeaders":"Origin, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control",
"maxAge":"3600"
}
}
I've added exposeHeaders and allowHeaders on SP9 because i got error message from chrome and other browser that :
Refused to set unsafe header "Access-Control-Request-Headers"
APIController.js:37 Refused to set unsafe header "Access-Control-Request-Method"
(index):1 XMLHttpRequest cannot load https://hana.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my.server.me' is therefore not allowed access.
I tried XS Admin tool but I can only see the content of CORS parameters there , how do i edit them from there.
What's missing or wrong with my .xsaccess now on SP9 ?
thanks,
best