cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

x-csrf-token value in Odata Service PUT operation

Go to solution
former_member9607
Active Participant

on ‎09-03-2013 10:35 AM

0 Kudos

Hello Experts,

I have created an Odata Service for flight demo.

I have successfully implemented the GET_ENTITY & GET_ENTITYSET methods and tested them.

Now i am trying to implement the CREATE_ENTITY method. Data and Model both classes are up to date.

Now I am trying to call the PUT method of REST in Mozilla Firefox for testing purpose.

I have installed the REST CLIENT Add-on for Firefox.

After clicking the Send button i am getting the below error.

"CSRF token validation failed"

The cause of this error is i have supplied wrong value for x-csrf-token.

My Question is from where can i get the value of x-csrf-token when i am calling an Odata service for testing purpose from a browser with rest client add-on installed?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

midhun_vp
Active Contributor
‎09-03-2013 1:10 PM
0 Kudos

To make a put/post you need to pass CSRF token. To get the CSRF token you need to perform a GET . In the response of the get you will get the CSRF token. Copy that value and pass it as header while making a PUT.

- Midhun VP

Show replies
Show replies
former_member193103
Participant
‎05-19-2014 10:38 AM
0 Kudos

Hi Midhun,

I am trying to POST data  to Odata service. My Odata request code is

OData.request(

         {

             headers: {'x-requested-with' : 'XMLHttpRequest','Content-Type': 'application/xml',

              'DataServiceVersion': '2.0',

              "X-CSRF-Token":"Fetch"  },

             requestUri: "proxy/http/vikalpng.vikalpaws.com:8000/sap/opu/odata/sap/ZUSERINFO_VER_SRV/",

             method: "GET",

             //data: oParameters,

               

             user: "*******",

             password: "********"},

             function (data, response) {

                // success handler

              header_xcsrf_token = "tN0lvZGnascNVGnTFFDwGA==";

              OData.request(

         {

             headers: {'x-requested-with' : 'XMLHttpRequest',

              'Content-Type': 'application/xml', 'DataServiceVersion': '2.0',

              "Accept": "application/atom+xml,application/atomsvc+xml,application/xml",

              "X-CSRF-Token":  'tN0lvZGnascNVGnTFFDwGA=='   },

             requestUri: "proxy/http/vikalpng.vikalpaws.com:8000/sap/opu/odata/sap/ZUSERINFO_VER_SRV/",

             method: "POST",

             data: oParameters,

               

             user: "********",

             password: "*******"},

             function (data, response) {

                 //success handler

                 console.log(response);

                 console.log('Successfully updated object');

             }

             );

I am getting error       POST http://gw_admin:vgupta%402013@localhost:8000/Popup/proxy/http/vikalpng.vikalpaws.com:8000/sap/opu/od... 403 (Forbidden)

Uncaught #<Object>

Can you please show me how to resolve the error?

Thanks

Himadri

sven_schmid2
Explorer
‎06-11-2014 2:20 PM
0 Kudos

You tried to fetch the token via the GET parameter but then you were using hardcoded tokens in the post request.

Try something like



header_xcsrf_token = response.headers['x-csrf-token'];


in line ~15 and replace the hardcoded token with this var in line ~21.

Answers (2)

Answers (2)

Former Member
‎04-09-2015 1:00 PM
0 Kudos

Hellou gurus, I have similar problem.

I can get collection from SAP gateway (get_entityset is working) but when I try call oModel.update

there is problem with csrf token validation.

So I tried call web service from rest client

and there is not x-csrf token value.

I guess thats why i can not update value from java, because server doesn't give mi csrf token.

Am I right ?

Thank you

PROBLEM 1. with rest client solved, but still cannot update oModel

here is code for update:

var bseg = {

                           BUKRS:'1000',

                           BELNR:'12345',

                           GJAHR:'2015',

                           BUZEI:'2'};

          

            var oModel = sap.ui.getCore().getModel();

oModel.update('/BSEGCollection', bseg, null, function(){

                  alert("Update successful");

                  },function(){

                alert("Update failed");});

here is code for create model :

var oModel = new sap.ui.model.odata.ODataModel(getServiceURL(), false, "", "", null,null, null, true);

oModel.setDefaultBindingMode(sap.ui.model.BindingMode.TwoWay);

sap.ui.getCore().setModel(oModel);

TEst in gateway client :

Show replies
Show replies
tahir_z
Contributor
‎09-03-2013 11:03 AM
0 Kudos

Hi,

Check out this blog, [Content Deleted Jan 2014]

Regards

Tahir

Show replies
Show replies
Ask a Question