cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Obtaining CSRF Token for Android Odata Application

Go to solution
Former Member

on ‎10-11-2012 12:05 AM

0 Kudos

Hi All

  We are trying to perform the update operation from mobile via oData Channel using SUP, in the first call I have a header as  below, I am able to recieve the response for the requested URL using GET operation,but inorder to perform UPDATE operation we need to use the CSRF token which is obtained in the previous call , I am not able to find the method for obtaining CSRF token.request your help and suggestions on how to obtain the token.

"X-Requested-With", "XMLHttpRequest"

"X-CSRF-Token","Fetch"

"Content-Type", "application/xml"

Thanks

Santosh Varada

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-11-2012 3:39 AM
0 Kudos

Hi Santosh,

1> You need to send a Get request with the read URL with custom Request header as

x-csrf-token: fetch (Case sensitive)

2> in the Response Header you will get some value for x-csrf-token: 23eer...............==

3> copy this token and paste it to the custom request header in place for 'fetch' (i.e. copy 23eer... in place for 'fetch')

4> change the request type to PUT. 

5> add another custom request header as Content-Type: application/atom+xml;type=entry

6> copy the same contents of the GET request you received in the response body into the request body . and change attributes which needs to be updated .

7> Send the request.

Regards

Gururaj

Show replies
Show replies
Former Member
‎10-11-2012 6:06 AM
0 Kudos

Hi Guru

  ok, I am taking a point from here to maintain case sensitive value for fetch, but I am looking for a method to catch CSRF token  from response Header in Void onSUccess method.where in I got the response in HttpResponse format ,but while debugging Header array shows Null ,Also I am looking for a method to  catch the CSRF token .Is is I ma passing wron parameters or is there any order I need to follow.

Answers (1)

Answers (1)

Former Member
‎11-06-2012 5:27 AM
0 Kudos

Hi Santhosh, i was working on a gateway consumption model for android, Till now i was able to do the read operation, query operation and for the put method im able to get the xcrf token and now i facing some issues while updating the record, can u just guide me how u handled it

Thanks,

Rakshit

Show replies
Show replies
Former Member
‎11-06-2012 4:21 PM
0 Kudos

Hi Rakshit

I should be able to help you ,in case if I don't know I should be able to guide or assist you,please let us know the issues you are facing.

Thanks

Santosh Varada

Former Member
‎11-07-2012 3:44 AM
0 Kudos

Hi santhosh, i have tested gateway services in restclient when i try it on the device im getting csrf token validation failed and in the get method im not getting the same csrf token which i get from the restclient,

I been on it since entire day but it kept happening and i was not able to make an update, im passing the headers, the below code will help you understand what im trying to do,

public String UpdateRequest(String requestBody, String token,String cookie) throws CustomException

          {

mParameters = new SDMConnectivityParameters();

                    mParameters.setUserName("sansen1");

                    mParameters.setUserPassword("sansen");

                    mPreferences = new SDMPreferences(_context, Utility.getLogger());

                    ISDMRequestManager          mRequestManager = new SDMRequestManager(Utility.getLogger(), mPreferences , mParameters, 1 , mSecurity);

                    ISDMRequest request = new SDMBaseRequest();

                    request.setListener(this);

                    request.setRequestUrl(_serviceURL);

                    request.setRequestMethod(ISDMRequest.REQUEST_METHOD_PUT);

                    request.setPriority(ISDMRequest.PRIORITY_HIGH);

                    Map<String, String> headers = new HashMap<String, String>();

                    headers.put("Content-Type", "application/atom+xml");

                    headers.put("X-CSRF-Token", token);

  request.setHeaders(headers);

  request.setData(requestBody.getBytes());

                    request.setRequestUrl(_serviceURL);

  mRequestManager.makeRequest(request);

return _response;

          }

Former Member
‎11-07-2012 5:47 AM
0 Kudos

Hi Rakshit

  Yes, The CSRF token would not be same every time even if it is via Gateway oData, it keeps changing for every session , it is only valid for a session,are you able to get the token in Get method , if Yes you should also be able to get the cookie, can you try by passing cookie also along with the token.

But just for a work around if you want to test the update operation you can bypass the CSRF token check, let me know if you need this.But for security reasons CSRF token is preferred.Awaiting your feedback

Thanks

Santosh Varada

Former Member
‎11-07-2012 5:59 AM
0 Kudos

Hi santosh,

Thanks for your reply, this morning i figured out whatthe problem was, the get methos was returning 3 cookies but i was with only the first cookie and when i tried with all three cookie boom it worked,

Thanks again,

Regards,

Rakshit

Former Member
‎11-07-2012 9:31 AM
0 Kudos

Hi Rakshit

   Good to know that you are able to perform update operation via gateway oData

Thanks

Santosh Varada

Ask a Question