We use SAP NetWeaver 7.30 or higher to operate an SAP NetWeaver Application Server for ABAP, which is used to serve web applications built with the "UI development toolkit for HTML5" (SAPUI5). In this scenario the browser cache is used to accelerate the loading time of SAPUI5 applications.
- You have updated an SAPUI5 application or the underlying SAPUI5 runtime on the server. You observe that users of the web application need to clear their browser cache manually before the software update becomes effective.
- You would like to configure private cache control. Then the application resources must not be cached by shared caches, e.g. proxy servers, but only on the computer of the application user.
- You would like to prevent or configure the possibility to embed your web applications in an iFrame. This may be of interest as a protection measure against clickjacking attacks.
Solution:
- Please Apply the following attached correction instruction.
Correction Instructions
Correction Instructions | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
- Use the HTTP service hierarchy maintenance (transaction SICF) to change the handler list of the SAPUI5 application handler:
- Go to service path /sap/bc/ui5_ui5.
- Select the handler list.
- Change the the following classes:
- /UI5/CL_UI5_APP_HTTP_HANDLER into /UI5/CL_UI5_APP_HTTP_HANDLER2 and /UI5/CL_UI5_HTTP_HANDLER into /UI5/CL_UI5_HTTP_HANDLER2
- Use transaction SE19 to implement the Business Add-In /UI5/BADI_CONFIG_HTTP_HANDLER (BAdI). It is part of the enhancement spot /UI5/PUBLIC_ENHANCEMENTS.
- If you use the implementation example class /UI5/CL_CNFG_HTTP_HNDLR_WEEKLY, the browser cache life time for the application and the runtime resources is configured to become invalid each Sunday at 23:59. If you activate your software update e.g. on a Sunday, the application users will automatically retrieve the latest software version when they use the web application, e.g. on the next Monday. You do not have to ask the application users explicitly to clear the browser cache manually after every software update.
- With a different BAdI implementation you can define any other day or time for the browser cache to expire. You may also choose daily expiration.
- Implement a custom class in case you want to configure private cache control or the possibility to embed SAPUI5 applications in an iFrame.
- After you have implemented the BAdI /UI5/BADI_CONFIG_HTTP_HANDLER (and the custom class, if applicable) ask the users to clear the browser cache manually one last time. Then the changes you have implemented become effective.
- Use the ICM monitor (transaction SMICM) to clear the ICM cache globally.