
SAP Netweaver Gateway 7.4 Cross-Site Request Forgery protection

mikejackson
Explorer
0 Kudos

We are currently developing new services using SAP Netweaver Gateway 7.4 and have come across the Cross-Site Request Forgery protection mechanism.

I've got a couple of simple questions regarding this :-

(a) Can we disable the need for it?

(b) If we were to use a get service to retrieve a token, how long does the token last for?

Any help appreciated.

Mike

Accepted Solutions (0)

Answers (2)


AshwinDutt
Active Contributor
0 Kudos

Hello Mike,

You can disable as shown below ->

Cross-Site Request Forgery Protection - SAP NetWeaver Gateway Foundation (SAP_GWFND) - SAP Library

But please note that for all modifying requests, the service must include this token in an HTTP request header field X-CSRF-Token considering the security measures.

Regards,

Ashwin
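The exchange behind the X-CSRF-Token header mentioned above, as an added example that is not part of this thread and not SAP code: a simplified Python model of the server-side check together with the client's fetch-then-modify sequence. The `GatewayModel` class, the session ids, the per-session token storage and the 403 / `Required` rejection are assumptions of the model.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class GatewayModel:
    """Simplified stand-in for the server-side token check (assumption, not SAP code)."""

    def __init__(self):
        self.tokens = {}  # session id -> token issued for that session

    def handle(self, method, headers, session_id):
        """Return (status, response_headers) for one request."""
        sent = headers.get("X-CSRF-Token", "")
        if method in SAFE_METHODS:
            # A non-modifying request may ask for a token with the value "Fetch".
            if sent.lower() == "fetch":
                token = self.tokens.setdefault(session_id, secrets.token_urlsafe(24))
                return 200, {"X-CSRF-Token": token}
            return 200, {}
        # Modifying request: the header must carry the token issued to this session.
        expected = self.tokens.get(session_id)
        if expected is None or not hmac.compare_digest(sent.encode(), expected.encode()):
            return 403, {"X-CSRF-Token": "Required"}
        return 201, {}


def create_entity(gw, session_id):
    """Client side: fetch a token with a GET, then send it back on the POST."""
    _, resp = gw.handle("GET", {"X-CSRF-Token": "Fetch"}, session_id)
    status, _ = gw.handle("POST", {"X-CSRF-Token": resp["X-CSRF-Token"]}, session_id)
    return status


if __name__ == "__main__":
    gw = GatewayModel()
    print("POST with fetched token:", create_entity(gw, "session-A"))
    print("POST without token:", gw.handle("POST", {}, "session-A"))
```

In a real client the session id is the session cookie returned with the token response, so the GET and the following POST have to share one cookie jar.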

Jitendra_Kansal
Product and Topic Expert
0 Kudos

Mike,

Both your queries are answered in this blog. Read the complete blog and comments:

mikejackson
Explorer
0 Kudos

Jitendra,

Many thanks for the link and it was useful because it answered one of the questions I had but not the other (that I could see anyway).

We are currently developing an Android app that is making use of OData Services provided by the Gateway. The app will be managed by Airwatch and only used by a small number of internal users. For this reason I was trying to avoid the need for them to use the CSRF functionality. Is there any way it can be disabled so it does not have to be used?