cancel
Showing results for 
Search instead for 
Did you mean: 

In Create: CSRF token validation failed

Former Member
0 Kudos

Hi

I have created a query where I got a list of entry sheets.

Actually I want to creat a new entry sheet, but I am not allowed to do that, as I got the error "CSRF token validation failed".

I did find this thread, where I am told to call a query first, and then do my post. But it still gives me the CSRF token error.

http://scn.sap.com/thread/3361661

My query GET url looks like this:

http://xxxx.xxx.xxx:yyyy/sap/opu/odata/sap/ZGW_TEST_SES_SRV/EssList/?$filter=PO_NO eq 'FSP0235016'

I got a list - and it works fine.

My CREATE url looks like this:

http://xxxx.xxx.xxx:yyyy/sap/opu/odata/sap/ZGW_TEST_SES_SRV/EssList('123')

and here I got the error.

We are using Odata in our ICF Node.

Anyone who can give me some hints?

Thanks

Aikon

Accepted Solutions (1)

Accepted Solutions (1)

former_member184867
Active Contributor

Hi Aikon,

Follow the steps.

1. In the first GET call you need to add HTTP Request header 'X-CSRF-Token'  and value 'Fetch'.

When you get the response back, check the value for header 'X-CSRF-Token, copy this value.  Check the following screenshot for this mentioned step

2. In the POST request you need to to add HTTP request header 'X-CSRF-Token', value will be the value that you received in last step. Check the screenshot for this step

This time server will accept the CSRF Token.

Please note I am using Advanced Rest Client for Chrome for this test.

Regards,

Atanu

Message was edited by: Atanu Mallik

Former Member
0 Kudos

Hi,

I am trying to get X-CSRF-Token from rest client, but in response in GET method it is not giving. I am new to SMP integration, please help me.

this is the screen shot. Here username and password is empty, no authentication is required.

Regards,

Surya prakash

former_member184867
Active Contributor
0 Kudos

This  is a sample service created by Microsoft. AFAIK  this service is not CSRF protected. It is  a feature that is enabled from the server. in SAP Odata services we get CSRF token. The server of this service has not enabled CSRF protection   

Answers (0)