on 01-01-2015 2:49 AM
Hi,
1. May I know the purpose of the x-CSRF token?
2. Is it mandatory to use this token in a production environment? Currently we are calling the OData service without the x-CSRF token. Is it OK to go live without this token?
3. If we need to add the x-CSRF token, do we need to change the existing code (which works fine)?
Tags edited by: Jitendra Kansal
Hello,
Adding a few more links for the X-CSRF token:
Cross-Site Request Forgery Protection - SAP NetWeaver Gateway Foundation (SAP_GWFND) - SAP Library
CSRF Protection - Connectivity - SAP Library
Thanks,
Syam
Hi,
CSRF (Cross-Site Request Forgery) is a type of attack in which an attacker tries to send malicious requests from a website that the user visits to another site where the victim is authenticated. Prevention of this attack is based on keeping a security token during the user's session and providing it with every modifying operation (PUT, POST, DELETE). If the provided token is not correct, the gateway responds with an HTTP 403 ("Forbidden") return code.
Check the write-ups below for more info:
Regards,
JK
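The token handshake described in the answer above, as an added example that is not part of the original thread and is not SAP's code. It models the gateway in memory so it runs offline; `createGateway`, `createClient`, `demo` and the session ids are hypothetical names, and the `Fetch` request value and `Required` response value are assumed from SAP Gateway's convention rather than taken from this page.

```javascript
// Added example: in-memory model of the token handshake, not SAP Gateway code.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
const MODIFYING = new Set(['POST', 'PUT', 'DELETE']);

// Hypothetical stand-in for the gateway: one token per authenticated session.
function createGateway() {
  const tokens = new Map(); // sessionId -> issued token
  return function handle({ method, sessionId, headers = {} }) {
    const sent = headers['x-csrf-token'];
    if (!MODIFYING.has(method)) {
      if (sent !== 'Fetch') return { status: 200, headers: {} };
      const token = Buffer.from(rng.getRandomValues(new Uint8Array(16))).toString('hex');
      tokens.set(sessionId, token);
      return { status: 200, headers: { 'x-csrf-token': token } };
    }
    const expected = tokens.get(sessionId);
    if (!expected || sent !== expected) return { status: 403, headers: { 'x-csrf-token': 'Required' } };
    return { status: 200, headers: {} }; // simplified success code
  };
}

// Client: fetch the token once, send it on every modifying call, and
// refetch a single time if the gateway rejects it (token no longer valid).
function createClient(gateway, sessionId) {
  let token = null;
  const fetchToken = () => {
    const res = gateway({ method: 'GET', sessionId, headers: { 'x-csrf-token': 'Fetch' } });
    token = res.headers['x-csrf-token'];
  };
  return function send(method) {
    if (!MODIFYING.has(method)) return gateway({ method, sessionId });
    if (!token) fetchToken();
    let res = gateway({ method, sessionId, headers: { 'x-csrf-token': token } });
    if (res.status === 403) {
      fetchToken();
      res = gateway({ method, sessionId, headers: { 'x-csrf-token': token } });
    }
    return res;
  };
}

// Constructed scenario: session ids are sample values.
function demo() {
  const gateway = createGateway();
  const legit = createClient(gateway, 'session-A')('POST').status;
  // A cross-site request rides on the victim's session but cannot read the token.
  const forged = gateway({ method: 'POST', sessionId: 'session-A' }).status;
  return { legit, forged };
}
```

Existing read-only calls stay as they are; only the modifying calls need the extra header, which is why the client wrapper leaves GET untouched.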