on 10-31-2013 9:26 AM
Hi,
I have disabled the CSRF token for a service with the POST (CREATE) method.
But still, when I call the service from a REST client in Firefox, I get an error saying CSRF token validation failed.
I have gone through the documentation of SAP regarding that and done all the steps, but still it is not working.
Any help / guidance to resolve this would be much appreciated!
Best regards,
Jagruti
Hi Jagruti,
You cannot disable CSRF protection completely. Setting ~CHECK_CSRF_TOKEN=0 only switches back to a less secure mechanism that requires you to provide a constant HTTP header
X-Requested-With: X
in your data modification request.
Hope this helps!
--Ralf
Hello,
I have the same problem.
Regards
Vladislav
Hi,
I just ran into the same problem.
My NW 7.02 is running GW 2.0 SP6, but I guess that doesn't matter, because the CSRF-Token is handled purely by ICF, right?
I set ~CHECK_CSRF_TOKEN = 0 in my service (I am pretty sure that I got the right service in SICF!). This caused the following behaviour:
I switched back to ~CHECK_CSRF_TOKEN = 1 and then everything works as before.
Björn
Hello Jagruti,
How did you disable it? As described here - http://help.sap.com/saphelp_gateway20sp07/helpdata/en/89/ea6a0543dc4e13b20b3462f57d7404/frameset.htm ?
Why do you want to disable it? This makes your application less secure.
Kind regards,
Vlad
Hi Vladislav,
I have disabled it because of the requirement, and I want it to be disabled in spite of the security issue.
I used the ~X-CSRF-TOKEN = 0 in the ICF Configuration of the service.
But it is not working.
Any help / guidance to resolve this would be much appreciated!
Best regards,
Jagruti
Hello Sathish,
Please pass the following:
Header -> x-csrf-token
Value -> fetch
Use the URL that is used to get the metadata of your service, with the above header and value, to get the token.
You will get the token value in the response headers.
If you are not able to fetch it at all, please check that your service is getting fired in the first place.
Go to your GW system and check whether the service is getting fired or not in /IWFND/APPS_LOG.
Regards,
Ashwin
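The fetch-then-modify handshake described in the reply above, as an added example that is not part of the original thread and is not SAP code: a constructed local mock service issues a token when it sees `X-CSRF-Token: Fetch` and rejects a POST that lacks either the token or the session cookie the token was issued with. The mock itself, the `sid` cookie name, the `/service` path and the 201/403 status codes are assumptions made for illustration.

```python
import secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # mock server state: session id -> token issued to that session
DIRECT = urllib.request.ProxyHandler({})  # ignore any proxy settings for localhost

class MockService(BaseHTTPRequestHandler):
    """Constructed stand-in for a token-protected service (not SAP code)."""
    def log_message(self, *args): pass  # silence per-request logging
    def do_GET(self):
        self.send_response(200)
        if self.headers.get("X-CSRF-Token", "").lower() == "fetch":
            sid, token = secrets.token_hex(8), secrets.token_urlsafe(16)
            SESSIONS[sid] = token
            self.send_header("Set-Cookie", f"sid={sid}")  # token is tied to this session
            self.send_header("X-CSRF-Token", token)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("sid=")[2].split(";")[0]
        sent, expected = self.headers.get("X-CSRF-Token", ""), SESSIONS.get(sid)
        ok = expected is not None and secrets.compare_digest(expected, sent)
        self.send_response(201 if ok else 403)  # 403 = token validation failed
        self.send_header("Content-Length", "0")
        self.end_headers()

def post(opener, url, token=None):
    """POST a dummy body, optionally with a token; return the HTTP status."""
    headers = {"X-CSRF-Token": token} if token else {}
    req = urllib.request.Request(url, data=b"{}", headers=headers, method="POST")
    try:
        return opener.open(req).status
    except urllib.error.HTTPError as err:
        return err.code

def demo():  # statuses for: POST without token, with token, token but no cookie
    server = HTTPServer(("127.0.0.1", 0), MockService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/service"
    opener = urllib.request.build_opener(DIRECT, urllib.request.HTTPCookieProcessor())
    fetch = urllib.request.Request(url, headers={"X-CSRF-Token": "Fetch"})
    token = opener.open(fetch).headers["X-CSRF-Token"]
    bare = urllib.request.build_opener(DIRECT)  # has the token but no session cookie
    result = (post(opener, url), post(opener, url, token), post(bare, url, token))
    server.shutdown()
    return result

if __name__ == "__main__":
    print(demo())
```

A REST client that sends the fetched token without also returning the cookies from the fetch response behaves like the third call here.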