on 01-15-2014 12:39 PM
Hi,
I have implemented a create service which is bound to the front end, but it gives the error "CSRF token validation failed". I have read previous posts on CSRF token fetching, but those methods didn't work.
I don't want to disable the CSRF token check in the backend (using ~CHECK_CSRF_TOKEN = 0).
How can I fetch the CSRF token value?
If we can use a read service to fetch the CSRF token, then how can I get the token in the front end?
Thanks
Kartik,
- If your front end is based on UI5, you can use the OData Model for Create, which will take care of the CSRF token on its own.
- Execute the request in the Gateway Client and check if you get a CSRF token.
Hi,
Yes, my front end is UI5 based and I am using the OData model create method, but the same error still persists:
"CSRF token validation failed".
In the Gateway Client I get x-csrf-token as a header appropriately, but when I try to run outside the SAP system, it triggers the CSRF token validation error.
The alternative was to disable the CSRF token from the backend in SICF, but I guess that is considered bad programming practice.
Is there any solution to activate the CSRF header as a cookie or response header from the SAP system?
I tried using the process in that link but I still get the CSRF token as blank.
I wrote this function:
    function uilogon() {
        // Build the Basic auth value from the credentials
        var tok = "username" + ':' + "password";
        var hash = btoa(tok);
        var auth = "Basic " + hash;
        // Keep it in UI5 session storage under the key "Auth"
        $.sap.require("jquery.sap.storage");
        var UI5Storage = $.sap.storage(jQuery.sap.storage.Type.session);
        UI5Storage.remove("Auth");
        UI5Storage.put("Auth", auth);
    }
How can I set basic authorization as a header while implementing the GET service?
Hi,
I sort of found a way to set the header:
    var tok = "username" + ':' + "password";
    var hash = btoa(tok);
    var auth = "Basic" + hash;
    alert(auth);
    useroDataModel.setHeaders({
        //'Accept-Encoding': "gzip",
        "Authorization": auth
    });
Now the problem is that the gateway is asking for authorization, but when I enter the details it doesn't accept them (even valid IDs and passwords).
What could be the problem?
Hi Kartik,
To fetch the CSRF token value you have to call a GET request (a service or metadata GET request also gives you the CSRF token value).
When you call the GET request, you need to pass the following entry in the headers:
    X-CSRF-Token: Fetch
In the response you will get the CSRF token value and cookies, which you need to pass while calling the CREATE request.
Regards,
Abhishek Wajge
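
The two-step exchange described in the answer above, as an added JavaScript example that is not part of the original thread and is not SAP's code. The gateway is a constructed in-memory stand-in: `makeMockGateway`, the cookie name `SID` and the token values are assumptions, and the mock also assumes the server only accepts an `Authorization` value in the RFC 7617 form `Basic`, one space, then the base64 credentials.

```javascript
// Constructed in-memory stand-in for the gateway (not SAP code). It models only
// what the thread describes: GET with "X-CSRF-Token: Fetch" returns a token and a
// session cookie; a modifying request must send both back or gets 403.
function makeMockGateway() {
  const sessions = new Map(); // session id -> token issued with it
  let n = 0;
  return function send(req) {
    const h = lowerKeys(req.headers);
    // RFC 7617: scheme name, one space, then base64(user:password)
    if (!/^Basic [A-Za-z0-9+\/]+=*$/.test(h["authorization"] || ""))
      return { status: 401, headers: {}, body: "Unauthorized" };
    if (req.method === "GET") {
      if (h["x-csrf-token"] !== "Fetch") return { status: 200, headers: {}, body: "" };
      n += 1;
      sessions.set("sess" + n, "tok" + n); // constructed sample values
      return { status: 200, body: "",
               headers: { "x-csrf-token": "tok" + n, "set-cookie": "SID=sess" + n + "; path=/" } };
    }
    const sid = (/SID=([^;]+)/.exec(h["cookie"] || "") || [])[1];
    const valid = sid !== undefined && sessions.get(sid) === h["x-csrf-token"];
    return valid ? { status: 201, headers: {}, body: "created" }
                 : { status: 403, headers: {}, body: "CSRF token validation failed" };
  };
}

// Header names are case-insensitive, so normalise before looking them up.
function lowerKeys(obj) {
  const out = {};
  for (const k of Object.keys(obj || {})) out[k.toLowerCase()] = obj[k];
  return out;
}

// Step 1: GET with X-CSRF-Token: Fetch; keep the token and its cookie together.
function fetchCsrf(send, url, auth) {
  const res = send({ method: "GET", url, headers: { Authorization: auth, "X-CSRF-Token": "Fetch" } });
  const h = lowerKeys(res.headers);
  if (res.status !== 200 || !h["x-csrf-token"]) throw new Error("token fetch failed: " + res.status);
  return { token: h["x-csrf-token"], cookie: h["set-cookie"].split(";")[0] };
}

// Step 2: the create request carries the token header and the same session cookie.
function createEntry(send, url, auth, csrf, payload) {
  return send({ method: "POST", url, body: JSON.stringify(payload),
    headers: { Authorization: auth, "Content-Type": "application/json",
               "X-CSRF-Token": csrf.token, Cookie: csrf.cookie } });
}
```

In a browser, scripts cannot set the `Cookie` header; the browser attaches the session cookie itself, so the token fetch and the create have to share the same origin and session.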