x-CSRF Token Purpose in Gateway

Former Member
0 Kudos

Hi,

1. May I know the purpose of the x-CSRF token?

2. Is it mandatory to use this token in the Production environment? Currently we are calling the OData service without the x-CSRF token. Is it OK to go live without this token?

3. In case we need to add the x-CSRF token, do we need to change the existing code (which works fine)?

Tags edited by: Jitendra Kansal

Accepted Solutions (0)

Answers (2)

SyambabuAllu
Contributor
0 Kudos
Jitendra_Kansal
Product and Topic Expert
0 Kudos

Hi,

CSRF (Cross-Site Request Forgery) is a type of attack in which an attacker tries to send malicious requests from a website that the user visits to another site where the victim is authenticated. Prevention of this attack is based on keeping a security token during the user's session and providing it with every modifying operation (PUT, POST, DELETE). If the provided token is not correct, the gateway responds with an HTTP 403 ("Forbidden") return code.

Check below write-ups for more info:

Regards,

JK
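
The check described in the answer above, as an added example that is not part of the original thread or SAP's code: an in-memory model of a gateway that issues a session-bound token on a read request and rejects modifying requests without it. The `Fetch` and `Required` header values follow SAP Gateway's convention and are not stated in the thread; the session store, function names and sample requests are assumptions constructed for illustration.

```javascript
const { randomBytes, timingSafeEqual } = require('crypto');

const sessions = new Map();   // constructed store: sessionId -> token issued for that session
const MODIFYING = new Set(['PUT', 'POST', 'DELETE']);

// Constant-time comparison; an empty or missing token never matches.
function tokensMatch(a, b) {
  const x = Buffer.from(a || ''), y = Buffer.from(b || '');
  return x.length > 0 && x.length === y.length && timingSafeEqual(x, y);
}

// Server side: decide what to do with one request.
function gateway(req) {
  const sent = req.headers['x-csrf-token'];
  if (!MODIFYING.has(req.method)) {
    const headers = {};
    if (sent === 'Fetch') {   // client asks for a token on a read request
      const token = randomBytes(16).toString('base64');
      sessions.set(req.sessionId, token);
      headers['x-csrf-token'] = token;
    }
    return { status: 200, headers };
  }
  // Modifying request: the token must equal the one kept for this session.
  if (!tokensMatch(sent, sessions.get(req.sessionId))) {
    return { status: 403, headers: { 'x-csrf-token': 'Required' } };
  }
  return { status: 200, headers: {} };   // accepted (status simplified)
}

// Client side: fetch the token once, then attach it to the modifying call.
function modifyWithToken(sessionId, method) {
  const read = gateway({ method: 'GET', sessionId, headers: { 'x-csrf-token': 'Fetch' } });
  const token = read.headers['x-csrf-token'];
  return gateway({ method, sessionId, headers: { 'x-csrf-token': token } });
}

// A cross-site request rides the victim's session but cannot read the
// token from another origin, so it arrives without one and is refused.
function requestWithoutToken(sessionId, method) {
  return gateway({ method, sessionId, headers: {} });
}
```

Read requests pass with or without the header; only PUT, POST and DELETE are gated, which is why existing read-only calls keep working while modifying calls need the extra fetch step.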