
XSJS - Ajax Post Error 403(Forbidden)

pinakipatra
Contributor
0 Kudos

Hi Experts,

I have created an xsjs to write into the tables.

I have created a simple ajax post call.

I have created this about a week ago and everything was working fine till today.
Today I am getting the error 403 Forbidden in Chrome.

In Mozilla it is giving the error: Request execution failed due to missing or invalid XSRF token


The details are as below:

I am not sure what the reason is, and I have not changed any system values/privileges.

Any idea on that?

Accepted Solutions (0)

Answers (3)


Former Member

Hi,

If you work with Postman or with the CORS mechanism, add a "cors" object in your xsaccess file:


{
  "exposed": true,
  "authentication": {
    "method": "Form"
  },
  "cache_control": "must-revalidate",
  "cors": {
    "enabled": true,
    "allowMethods": [
      "GET",
      "POST",
      "HEAD",
      "OPTIONS"
    ],
    "allowOrigin": ["*"],
    "maxAge": "3600"
  },
  "enable_etags": false,
  "force_ssl": false,
  "prevent_xsrf": false
}

It works, but I recommend using a proxy like Nginx.

Best Regards

Houssem

0 Kudos

Hi Pinaki

I have the same problem. Did you find a solution?

Thanks

former_member185490
Participant
0 Kudos

"prevent_xsrf" : false does the trick.

Former Member
0 Kudos

"prevent_xsrf": false does not do the trick for me 😞

I am on HANA 9703. I simply created a totally new XSJS project "d2" with a basic (standard template) XSJS program named "std.xsjs". Next, I made the aforementioned change to .xsaccess file to reset prevent_xsrf, and activated it.

Using Postman. If I run a GET on this path (https://.../d2/std.xsjs) then I get a login form. If I run POST on this path then I get a 403. It seems bizarre.

Even more strange is that if I enable CORS while prevent_xsrf is false, I no longer get 403s. Probably because the cors setting somehow sneaks in all http methods. But I do not want to enable CORS... so it's back to square one.

0 Kudos

Hi friend,

Please first check the prevent_xsrf keyword in the application-access (.xsaccess) file.


If the value of the prevent_xsrf keyword is true, it can cause this problem.


The topic Cross-Site Request-Forgery Recommendation in the HANA developer guide might be helpful.
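
Added example, not part of any reply in this thread: a client-side sketch of the XSRF token handshake, which lets the Ajax POST succeed while "prevent_xsrf" stays true in .xsaccess. It assumes the XS engine returns the token in the X-CSRF-Token response header when a GET carries "X-CSRF-Token: Fetch"; SERVICE_URL, the function names and the injectable fetchImpl parameter are hypothetical.

```javascript
// Added example (not from the thread). Names below are hypothetical.
const SERVICE_URL = "/d2/std.xsjs"; // path as mentioned in the thread; adjust to your package

let cachedToken = null; // token is tied to the logged-in session

// Step 1: request a token with a safe (GET) call carrying "X-CSRF-Token: Fetch".
async function fetchXsrfToken(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    method: "GET",
    headers: { "X-CSRF-Token": "Fetch" },
    credentials: "same-origin", // send the session cookie, same origin only
  });
  const token = res.headers.get("X-CSRF-Token");
  if (!res.ok || !token) {
    throw new Error("No XSRF token returned (HTTP " + res.status + "); log in first");
  }
  return token;
}

// Step 2: send the modifying request with the token. A 403 may mean the
// session (and so the token) was renewed, so refresh the token once and retry.
async function postWithXsrf(url, body, fetchImpl = fetch) {
  let res = null;
  for (let attempt = 0; attempt < 2; attempt++) {
    if (!cachedToken) cachedToken = await fetchXsrfToken(url, fetchImpl);
    res = await fetchImpl(url, {
      method: "POST",
      headers: { "Content-Type": "application/json", "X-CSRF-Token": cachedToken },
      credentials: "same-origin",
      body: JSON.stringify(body),
    });
    if (res.status !== 403) break;
    cachedToken = null; // stale token: drop it so the next pass fetches a new one
  }
  return res; // still 403 after the retry points at authorization, not XSRF
}
```

If the POST still returns 403 after the retry, check the user's privileges on the package rather than disabling prevent_xsrf.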