cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fetching csrf token for create service

Former Member

on ‎01-15-2014 12:39 PM

0 Kudos

hi,

i have implemented a create service which is binded with front-end , but it gives error csrf token validation failed. i have read previous posts on csrf fetching,but those methods didn't work.

I dont want to disable csrf token from backend (using ~CHECK_CSRF_TOKEN = 0 ).
How can i fetch csrf token value ?

if We can use read service to fetch csrf token then how can i get the token in frontend?

thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

kammaje_cis
Active Contributor
‎02-12-2014 3:40 PM
0 Kudos

Kartik,

- If your front end is based on UI5, you can use OData Model for Create, which will take care of csrf token on its own.

- Execute the request in Gateway Client and check if you get CSRF token.

Show replies
Show replies
Former Member
‎02-13-2014 5:58 AM
0 Kudos

hi,

yes my front end is ui5 based and i am using odata model create method, but error still persists same.
"CSRF token validation failed".
in gateway client i get x-csrf-token as header appropriately,but when i try to run outside sap system,it will trigger csrf token validation error.
the alternative was i disable csrf token from backend in SICF,but it i guess it is considered bad programming practise.
is there any solution to activate csrf header as a cookie or response header from sap system??

ChandraMahajan
Active Contributor
‎02-13-2014 6:31 AM
0 Kudos

Hi,

Meanwhile look at document where it is explained on how to pass csrf header etc...Not sure if you are following same approach but still refer it and see if it resolve your issue.

Regards,

Chandra

Former Member
‎02-13-2014 11:44 AM
0 Kudos

hi Chandrashekhar,

using basic authorization i got csrf token in REST client.
thank you very much.
but there is still the question how can i embed this authorization thing in ui5 application???

it would be really help if i get a sample code.
thanks

ChandraMahajan
Active Contributor
‎02-13-2014 11:53 AM
0 Kudos

Hi Kartik,

May be you can refer this blog

Here OP of the blog explained how to pass csrf token.

Regards,

Chandra

Former Member
‎02-13-2014 12:45 PM
0 Kudos

i tried using process in that link but still i get csrf token as blank.

i wrote function

function uilogon()

{

  var tok  = "username" + ':' + "password"; 

  var hash = btoa(tok); 

  var auth = "Basic " + hash; 

  $.sap.require("jquery.sap.storage"); 

  var UI5Storage = $.sap.storage(jQuery.sap.storage.Type.session); 

  UI5Storage.remove("Auth"); 

  UI5Storage.put("Auth",auth); 

  }

how can i set basic authorization as header while implementing GET service???

Former Member
‎02-14-2014 6:55 AM
0 Kudos

hi,

i sortof found out way to set header

var tok  = "username" + ':' + "password"; 

  var hash = btoa(tok); 

  var auth = "Basic" + hash;

  alert(auth);

  useroDataModel.setHeaders({

  //'Accept-Encoding': "gzip",

  "Authorization" : auth});

now the problem is ,gateway is asking for authorization ,but when i enter details it doesnt accept.(even valid ids and passwords).

what could be the problem?

Former Member
‎02-08-2014 7:21 AM
0 Kudos

Hi Kartik,

To fetch csrf token value you have to call GET request(Service or metadata GET request also gives you csrf token value).

When you call GET request, You need to pass following entry in headers

X-CSRF-Token   Value : Fetch

In response you will get csrf token value and cookies which you need to pass while calling CREATE request.

Regards,

Abhishek Wajge

Show replies
Show replies
Former Member
‎02-12-2014 12:18 PM
0 Kudos

hi abhishek,
i treid that thing,but csrf value shows undefined.
the main issue is csrf header is not exported as header.
is there any way so that i can export csrf header from gateway ...
can it be done in sicf???

thanks

Former Member
‎02-12-2014 2:16 PM
0 Kudos

Hi Kartik,

You can try calling GET service in chrome postman REST Client or any other REST client and see whether you are getting csrf value.

Regards,

Abhishek Wajge

Former Member
‎02-13-2014 5:53 AM
0 Kudos

i tried using GET method initially n then passing csrf value to create,but headers i am getting are

Ask a Question