I am checking whether a particular URL is currently up or not, by adding a HTTP GET functionality to a button in my UI5 application.
For this, the code is as below:
_onButtonPress: function () {
var xhr = new XMLHttpRequest();
xhr.open('GET', this.getView().byId("sap_Responsive_Page_0-content-sap_ui_layout_form_SimpleForm-1476966827717-content-sap_m_Input-1476966871600").getValue(), true);
xhr.send();
xhr.onreadystatechange = processRequest;
function processRequest(e) {
if (xhr.readyState == 4 && xhr.status == 200) {
var response = (xhr.responseText);
alert(response); }
}},
For the URL input, we are using HTTPS requests only.
But when I put a value for the URL and test the button, I get:
XMLHttpRequest cannot load https://my3XXXXXXX6.sapbydesign.com/sap/byd/runtime/(entered URL). No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://application browser url' is therefore not allowed access.
The idea is to check the status of URL and set the status state from the URL status.
How can I prevent this from happening?
Br Suraj N
This is browser protection against a class of attacks called Cross-Site Request Forgeries.
As explained in the error message, you cannot get this to work unless the linked website (in this case https://my3****6.sapbydesign.com/sap/byd/runtime/) adds an appropriate
Access-Control-Allow-Origin
header to its response.