In Figure 6, the controller and origin could be used to query a database for the policy values. A custom policy provider factory approach is different from the attribute approach because it requires your implementation to provide the logic to match the incoming request to a policy. SAP Community is updating its Privacy Statement to reflect its ongoing commitment to be transparent about how SAP uses your personal data. JavaScriptAjaxAPICORSpreflight. Consider the world of cross-domain requests before CORS. You could do a standard form POST, or use a script or an image tag to issue a GET request. Access-Control-Allow-Headers in preflight response. Use this to set custom headers, etc. CORS allows you to specify more headers and method types than was previously possible with cross-origin or