CORS Issue in SAP OData Service - No 'Access-Control-Allow-Origin' Header Is Present

This CORS issue is stuck mad with no solution. I am creating XSODOTA service in SAP HANA with below xsaccess file contents and consuming UI5 application in my localhost.

    "exposed": true,
    "authentication": [{
        "method": "Basic"
    "mime_mapping": [{
        "extension": "jpg",
        "mimetype": "image/jpeg"
    "force_ssl": false,
    "enable_etags": true,
    "prevent_xsrf": true,
    "anonymous_connection": null,
    "cors": [{
        "enabled": true,
        "allowMethods": [
        "allowOrigin": "*",
        "maxAge": "3600"
    "headers": {
        "enabled": true,
    "cache_control": "no-cache, no-store",
    "default_file": "index.html"

I have done all that and I can collect from SAP forums in XS Admin tool as below:

enter image description here

Calling the service in jQuery ajax function as below:

    type: "GET",
    url: "odataurl?$format=json",
    data: null,
    contentType: "application/json; charset=utf-8",
    jsonpCallback: 'processJSON',
    headers : {
        "Access-Control-Allow-Origin" : "*"
    crossDomain: true,
    xhrFields: {
        withCredentials: true
    success: function(msg) {
    error: function(err) {

Failed to load http://odataurl?$format=json: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:20019' is therefore not allowed access.

1 answer

  • answered 2018-01-16 08:21 Mahesh

    Go to Windows + R (run) command and execute below to open Chrome without web security. This will solve your CORS issue.

    chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

    P.S this solution is for running UI5 app locally (localhost) not for server app.

    Thanks, Mahesh.