Skip to content

UI5 Server

The UI5 Server module provides server capabilities for local development of UI5 projects.

API Reference

Standard Middleware

All available standard middleware are listed below in the order of their execution.

A project can also add custom middleware to the server by using the Custom Server Middleware Extensibility.

Middleware Description
csp See chapter csp
compression Standard Express compression middleware
cors Standard Express cors middleware
discovery See chapter discovery
serveResources See chapter serveResources
testRunner See chapter testRunner
serveThemes See chapter serveThemes
versionInfo See chapter versionInfo
nonReadRequests See chapter nonReadRequests
serveIndex See chapter serveIndex


The Content Security Policy (CSP) middleware is active by default.

The header content-security-policy can be set by adding URL parameter sap-ui-xx-csp-policy to the request with the policy name as value.

To set the policy to report-only, append :report-only or :ro to the policy name. E.g. /index.html?sap-ui-xx-csp-policy=sap-target-level-1:report-only

sendSAPTargetCSP parameter

The default CSP policies can be modified using parameter sendSAPTargetCSP (--sap-csp-policies when using the CLI). With sendSAPTargetCSP set to true the policies sap-target-level-1 and sap-target-level-3 policies are activated and send as report-only.

Serve CSP Reports

Serving of CSP reports can be activated with parameter serveCSPReports (--serve-csp-reports when using the CLI). With serveCSPReports set to true, the CSP reports are collected and can be downloaded from the server path /.ui5/csp/csp-reports.json.


This middleware lists project files with URLs under several /discovery endpoints. This is exclusively used by the OpenUI5 test suite application.


This middleware resolves requests using the ui5-fs-file system abstraction.

It also escapes non-ASCII characters in .properties translation files based on a project's configuration.


Serves a static version of the UI5 QUnit TestRunner at /test-resources/sap/ui/qunit/testrunner.html.


Compiles CSS files for themes on-the-fly from the source *.less files.

Changes made to these *.less files while the server is running will automatically lead to the re-compilation of the relevant CSS files when requested again.


Generates and serves the version info file /resources/sap-ui-version.json, which is required for several framework functionalities.


Answers all non-read requests (POST, PUT, DELETE, etc.) that have not been answered by any other middleware with the 404 "Not Found" status code . This signals the client that these operations are not supported by the server.


In case a directory has been requested, this middleware renders an HTML with a list of the directory's content.

SSL Certificates

When starting the UI5 Server in HTTPS- or HTTP/2 mode, for example by using UI5 CLI parameter --h2, you will be prompted for the automatic generation of a local SSL certificate if necessary.

Follow the given instructions and enter your password to install the generated certificate as trusted. You can find the generated certificate and corresponding private key under .ui5/server in your user's home directory.


If Chrome unintentionally redirects an HTTP-URL to HTTPS, you need to delete the HSTS mapping in chrome://net-internals/#hsts by entering the domain name (e.g. localhost) and pressing "delete".