on 11-24-2014 4:52 PM
We are currently developing new services using SAP Netweaver Gateway 7.4 and have come accross the Cross-Site Request Forgery protection mechanism.
I've got a couple of simple questions regarding this :-
(a) Can we disable the need for it ?
(b) If we were to use a get service to retrieve a token how long does the token last for ?
Any help appreciated.
Mike
Hello Mike,
You can disable as shown below ->
Cross-Site Request Forgery Protection - SAP NetWeaver Gateway Foundation (SAP_GWFND) - SAP Library
But Please note that for all modifying requests, the service must include this token in an HTTP request header field X-CSRF-Token considering the security measures.
Regards,
Ashwin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Jitendra,
Many thanks for the link and it was useful because it answered one of the questiosn I had but not the other (that I could see anyway).
We are currently developing a android app that is making use of OData Services provided by the Gateway. The app will be managed by Airwatch and only used by a small number of internal users. For this reason I was trying to avoid the need for them to use the CSRF functionality. Is there any way it can be disabled so it does not have to be used ?
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.