Retrieve X-CSRF-Token from sapes1 ZGWSAMPLE_SRV
x-posted from: Retrieve X-CSRF-Token from sapes1 ZGWSAMPLE_SRV
I have successfully retrieved the "X-CSRF-Token" token value for a number of the other odata services (eg ZCD204_EPM_DEMO_SRV) on sapes1 but I'm unable to get a response that includes the cookie & header being set in the response when accessing https://sapes1.sapdevcenter.com/sap/opu/odata/sap/ZGWSAMPLE_SRV/ .
My username and password are correct, I can retrieve data in ZGWSAMPLE_SRV but when i set "X-CSRF-Token" to "Fetch" the response headers do not include a "X-CSRF-Token" entry.
Using the "REST Console" in chrome I can provide the details of a failing request.
Authorization: Basic SOMEVALUE
Origin: chrome-extension: //rest-console-id
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Status Code: 200
server: SAP NetWeaver Application Server / ABAP 702
The CSRF token header is missing.
Am I doing something wrong? Is the service mis-configured? What do I need to try to overcome this?
the check of the X-CSRF-Token is deactivated for that service, that´s why the ICF does not create tokens. If you start transaction SICF and navigate to you service node, view the service details and press button "GUI configuration" on the tab Service Data. There you can see the parameter ~CHECK_CSRF_TOKEN = 0, which means "deactivated".
Unfortunately you can not change it by yourself. You may switch to edit mode and change the parameter, but when you try to save it, an error message will show up (that happens for my user, at least).
Official guidance is provided here: