cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTP 403 - XSRF violation at NWDS import after PI SP stack implementation

Go to solution
marie_renneke
Participant

on ‎03-13-2015 1:28 PM

0 Kudos

Dear experts,

our customer is facing the issue, that they can't do imports from NWDS to PI anymore after PI has been updated.

NWDS: 7.31 SP 05 Patch 003

PI Java only: 7.31 SP14 (updated from SP Stack 6)

Everytime they want to import content into their productive system they receive a http 403 returncode saying "XSRF violation" and nothing more.

And that's all the Java logs are telling us, too. Default trace says nothing - application log just notices the XSRF violation.

I know there have been some security changes in the implemented SPs that most probably cause this message.

Of course I've already googled and searched through OSS and SCN -  but we're not sure how to handle this situation.

Could it be necessary to update the NWDS, too?

Or is it possible to turn off the XSRF mechanism?

I've found note 1894606 (not really applying to our situation but) describing the parameter xsrf.protection.enabled to be set to false.

Unfortunately I can't find such a parameter anywhere in NWA and I'm really not sure if disabling XSRF makes sense.

Does anybody know, how to handle this?

Many thanks in advance!

Regards

Marie

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

hemanth2
Product and Topic Expert
Product and Topic Expert
‎03-13-2015 2:40 PM
0 Kudos

Hi marie,

Hope you are doing good.

Updating NWDS will not be helpful here as you are already on 7.3 NWDS. You can set the xsrf.protection.enabled to false in configtool; please let me know if you are not able to find this. In case an ABAP client is not yet updated to the latest level, it cannot work properly with XSRF protected /dir/CacheRefresh servlet. In this case the /dir/CacheRefresh servlet returns HTTP 403 error due to a missing XSRFToken parameter.

   

Hope this helps.

_ _ _ _ _ _ _ _ _

Kind Regards,

Hemanth
SAP AGS
_ _ _ _ _ _ _ _ _
 

Show replies
Show replies
marie_renneke
Participant
‎03-13-2015 4:40 PM
0 Kudos

Hi Hemanth,

thanks for the response. I already tried finding this parameter in config tool - not really successfully

Under which service is this defined? Could you maybe share the path?

Thanks & regards

Marie

hemanth2
Product and Topic Expert
Product and Topic Expert
‎03-13-2015 4:58 PM
0 Kudos

Marie, is it simple .

marie_renneke
Participant
‎03-16-2015 1:29 PM
0 Kudos

Well, if you know, where to look for it, it's quite simple - you're right

I've deactivated XSRF protection and restarted the system.

I'm now waiting for a response if it helped with the NWDS problem because I can't check this myself.

As soon as there are any news, I'll let you know

Many many thanks for your quick responses!!

Regards

Marie


hemanth2
Product and Topic Expert
Product and Topic Expert
‎03-16-2015 2:03 PM
0 Kudos

Great new Marie .
Please keep us posted; do let us know if the issue persists.

marie_renneke
Participant
‎04-09-2015 3:08 PM
0 Kudos

Hi Hemanth,

thank you very much - deactivating this parameter solved the issue.

I couldn't find any official note to that - is it recommended or maybe even necessary to deactivate this parameter for using NWDS?

I mean - there somehow has to be a reason, that this parameter is active by default... I guess

Thanks & regards

Marie

hemanth2
Product and Topic Expert
Product and Topic Expert
‎04-09-2015 3:34 PM
0 Kudos

Great news marie .

It depends on the application need. For example some settings for SAP WCM needs the parameter to be set to false.

Answers (1)

Answers (1)

former_member184720
Active Contributor
‎03-13-2015 1:32 PM
0 Kudos

It is recommended to maintain the same SP and patch level's b/w NWDS and PI.

So i would suggest you to install the suitable version and see if that helps..

https://nwds.sap.com/swdc/downloads/updates/netweaver/nwds/nw/731/doc/auto_com.sap.netweaver.develop...

Show replies
Show replies
marie_renneke
Participant
‎03-13-2015 1:55 PM
0 Kudos

Thanks for confirming my first guess - I recommended this to our customer - waiting for the result.

Ask a Question