The UI5 Server module provides server capabilities for local development of UI5 projects.
All available standard middleware are listed below in the order of their execution.
A project can also add custom middleware to the server by using the Custom Server Middleware Extensibility.
| ||See chapter csp|
| ||Standard Express compression middleware|
| ||Standard Express cors middleware|
| ||See chapter discovery|
| ||See chapter serveResources|
| ||See chapter testRunner|
| ||See chapter serveThemes|
| ||See chapter versionInfo|
| ||See chapter connectUi5Proxy|
| ||See chapter nonReadRequests|
| ||See chapter serveIndex|
The Content Security Policy (CSP) middleware is active by default.
content-security-policy can be set by adding URL parameter
sap-ui-xx-csp-policy to the request with the policy name as value.
To set the policy to report-only, append
:ro to the policy name. E.g.
The SAPtargetCSP parameter¶
The default CSP policies can be modified using parameter
--sap-csp-policies when using the CLI). With
sendSAPTargetCSP set to
true the policies
sap-target-level-2 policies are activated and send as report-only.
Serve CSP Reports¶
This option is available since UI5 CLI
Serving of CSP reports can be activated with parameter
--serve-csp-reports when using the CLI). With
serveCSPReports set to
true, the CSP reports are collected and can be downloaded from the server path
This middleware lists project files with URLs under several
/discovery endpoints. This is exclusively used by the OpenUI5 test suite application.
This middleware resolves requests using the UI5 FS-file system abstraction.
It also escapes non-ASCII characters in
.properties translation files based on a project's configuration.
Serves a static version of the UI5 QUnit TestRunner at
Compiles CSS files for themes on-the-fly from the source
Changes made to these
*.less files while the server is running will automatically lead to the re-compilation of the relevant CSS files when requested again.
Generates and serves the version info file
/resources/sap-ui-version.json, which is required for several framework functionalities.
Provides basic proxy functionality using the proxy offered by
connect-openui5 under the endpoint
Answers all non-read requests (POST, PUT, DELETE, etc.) that have not been answered by any other middleware with the 404 "Not Found" status code . This signals the client that these operations are not supported by the server.
In case a directory has been requested, this middleware renders an HTML with a list of the directory's content.
When starting the UI5 Server in HTTPS- or HTTP/2 mode, for example by using UI5 CLI parameter
--h2, you will be prompted for the automatic generation of a local SSL certificate if necessary.
Follow the given instructions and enter your password to install the generated certificate as trusted. You can find the generated certificate and corresponding private key under
.ui5/server in your user's home directory.
If Chrome unintentionally redirects an HTTP-URL to HTTPS, you need to delete the HSTS mapping in chrome://net-internals/#hsts by entering the domain name (e.g. localhost) and pressing "delete".