Skip to content

Running Mobile Development Kit Web Apps in SAP Cloud Portal Service on BTP

SAP Cloud Portal Service (Cloud Foundry Environment)

In CF, HTML5 applications are deployed either with a Standalone AppRouter or Managed AppRouter.

Deployment with Standalone AppRouter

For this deployment type, the developer deploys a web app using SAP Cloud Foundry HTML5 CLI or SAP Business Application Studio. By default, BTP CF protects an HTML5 application of Standalone AppRouter against Clickjacking by setting the HTTP X-Frame-Options response header to allow a specific hosting frame only. Since the SAP Cloud Portal Service URL in Cloud Foundry Environment is different from this hosting URL, Mobile Development Kit web apps can’t be loaded within (an iframe of) the Portal.

To open a Mobile Development Kit web app in-line with the Portal (of the same sub-account), the Portal URL, e.g. {subdomain}, needs to be allowed for the web app. In BTP Cloud Foundry cockpit of the Space, click the deployed application (ending with -approuter) under Applications section. Add the following two variables under User-Provided Variables.

Variable Value
CJ_PROTECT_WHITELIST [ { "host": "{subdomain}" } ]
httpHeaders [ { "X-Frame-Options": "ALLOW-FROM https://{subdomain}" } ]

Deployment with Managed Approuter

For this deployment type, a Mobile Development Kit developer has to deploy the Mobile Development Kit web app using SAP Business Application Studio. The domain of the deployed Mobile Development Kit web app is the same as that of Portal, i.e. {subdomain} As such, the Portal is able to load this type of Mobile Development Kit web app in-line without further configuration.

SAP Cloud Portal Service (Neo Environment)

SAP Cloud Portal Service in Neo environment only supports loading UI5 HTML5 applications in-line. Since Mobile Development Kit web apps are non-UI5 HTML5 applications, they are opened in a new browser tab instead.

A Mobile Development Kit web app deployed to a Neo subaccount can be loaded in-line within SAP Cloud Portal Service in Cloud Foundry. To avoid user manual login, the Neo Mobile Development Kit web app may be configured to use certificate login or configured to None for the authentication mechanism. The above-mentioned user-provided variables are not required, because BTP Neo does not set the HTTP “X-Frame-Options” response header by default.

Last update: April 10, 2023