on 06-18-2014 8:17 AM
Hello experts!
We encounter a strange behavior in one of our developments and I wonder if one of you can help me out:
On our development system (D) we set up a SAPUI5 application that communicates with our SAP backend system via a gateway. It consists of GET and UPDATE methods.
Everything went fine on our development system - we did not enable or disable any CSRF-parameters in the SICF-nodes... it just went fine!
Now as we transfer our application to the quality-system (Q), the CSRF-token-validation failed!
We have checked the network-resources in the chrome browser and in fact no token is returned!
At this point we started to amend a couple of things, we set the parameter ~CHECK_CSRF_TOKEN in our service and our bsp to '1', we explicitly request the token in the GET method and provide it at POST (but this does not work as we didn't get a token at all ....!), we changed the service URL from HTTP to HTTPS. Nothing worked in Q but everything worked in D!
Now comes the funny thing:
For testing reasons we have entered user and pw credentials at the bsp in SICF. As we tried to figure out if it could be a problem of authorization, we removed the user and entered it directly in the chrome-prompt that popped up as the system requests the page and then it works fine... even with the same user we entered at SICF!!!
Can anyone say anything to this?
Thanks a lot in advance!
Can anyone help me out with how to resolve this error?
PUT............405(method not allowed)
CSRF token validation failed
It looks like the system treats the service as "public" as long as we have entered credentials, the service is not entered in a public SICF node though!
Hi Jörn,
When you enter user credentials in an ICF node, the underlying HTTP framework will not create a CSRF token, and as a result you cannot create a service with hard-coded user credentials to perform updates via SAP Gateway.
If you want to perform updates, the OData client has to use one of the supported authentication methods.
Best Regards,
Andre
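The token handshake this thread revolves around, as an added example that is not part of any post: the client asks for a token with `X-CSRF-Token: Fetch` on a GET, checks whether one actually came back, and sends it with the modifying request. The function names and any service URL passed to `probe()` are hypothetical.

```javascript
// Added example (not from the thread). Function names are illustrative.

// Header names are case-insensitive, so normalise before looking them up.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Step 1: a non-modifying GET that asks the server to issue a token.
function tokenFetchInit() {
  return { method: "GET", credentials: "same-origin",
           headers: { "X-CSRF-Token": "Fetch" } };
}

// Step 2: interpret the GET response. A 2xx without a token is the case
// reported in the question: reads work, but updates cannot be validated.
function readToken(status, headers) {
  const token = lowerKeys(headers)["x-csrf-token"];
  if (status === 401) return { ok: false, reason: "not-authenticated" };
  if (status < 200 || status >= 300) return { ok: false, reason: "http-" + status };
  if (!token || token.toLowerCase() === "required") {
    return { ok: false, reason: "no-token-issued" };
  }
  return { ok: true, token };
}

// Step 3: attach the token to the modifying request. The token is bound to
// the session, so the session cookies must travel with it (credentials).
function modifyingInit(method, body, token) {
  return { method, credentials: "same-origin", body: JSON.stringify(body),
           headers: { "X-CSRF-Token": token, "Content-Type": "application/json" } };
}

// A 403 carrying "X-CSRF-Token: Required" means the token was missing or
// stale: fetch a fresh one and retry the request once.
function needsTokenRefresh(status, headers) {
  const v = lowerKeys(headers)["x-csrf-token"];
  return status === 403 && typeof v === "string" && v.toLowerCase() === "required";
}

// Wire steps 1 and 2 together; fetchImpl defaults to the platform fetch.
async function probe(serviceUrl, fetchImpl = fetch) {
  const res = await fetchImpl(serviceUrl, tokenFetchInit());
  return readToken(res.status, Object.fromEntries(res.headers.entries()));
}
```

Running `probe()` against the same service in both systems shows directly whether the Q system issues a token for the session in use.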
Hi,
from your sapui5 application, you can try to use OData API method setTokenHandlingEnabled and set it to false to disable token handling.
JsDoc Report - SAP UI development Toolkit for HTML5 - API Reference - sap.ui.model.odata.ODataModel
Regards,
Chandra
Hi,
Check with this SAP note 1800109 - "CSRF token validation failed" when using Gateway Client and see if this is applicable to your system.
Regards,
Chandra