cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

X-CSRF-Token

Former Member

on ‎02-02-2016 9:34 AM

0 Kudos

Hi folks,

could you please advise me how to generate X-CSRF-Token with GET method. Service call is executed successfully with return code 200, but it is not returning CSRF Token, which I need in my front end for CRUD Operations.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

mary_silvester
Explorer
‎02-02-2016 12:06 PM
0 Kudos

Hi,

Try this code.

OData.request

  ({

    requestUri: "Your Service Url",

    method: "GET",

    headers:

    {    

          "X-Requested-With": "XMLHttpRequest",

          "Content-Type": "application/atom+xml,application/json",

          "DataServiceVersion": "2.0",                 

          "X-CSRF-Token":"Fetch"  

     }          

  },

    function (data, response)

  {

      header_xcsrf_token = response.headers['x-csrf-token'];

      });

},

  function(err)

  {

  sap.m.MessageToast.show("Token not received");

  });

In header_xcsrf_token you will get the token value.

Regards,

Salu

Show replies
Show replies
Former Member
‎02-02-2016 2:28 PM
0 Kudos

Thanks Salu, I will try this. But, I am surprised why SAP gateway client in not returning this token for my service. Is there any setting we need to do to get this?

AshwinDutt
Active Contributor
‎02-02-2016 3:58 PM
0 Kudos

Gateway client internally handles Token and hence no need of token when testing in GW Client.

Token is needed when we test from external application.

Former Member
‎02-03-2016 10:15 AM
0 Kudos

Hi Ashwin,

I agree, but the same token gets generated when I use SAP's Demo System i.e ES1.

and even using above code given by Salu S dose not work.

   ES1 - Token Generated

   My own System - Token not generated

EkanshCapgemini
Active Contributor
‎02-04-2016 3:04 PM
0 Kudos

Hi Yogendra,

Recently I faced a similar issue. In that case, someone has hardcoded a username and password in SICF service node. Once I removed the credentials, it started generating the token.

Please check if this is the case in your system as well.

Regards,

Ekansh

Former Member
‎02-04-2016 3:25 PM
0 Kudos

HI Ekansh,

I tired your suggestion, but unfortunately it dint return the Token.

EkanshCapgemini
Active Contributor
‎02-16-2016 11:36 AM
0 Kudos

Hi Yogendra,

Were you able to solve this? You can also check this

Former Member
‎04-11-2016 8:16 AM
0 Kudos

Hi Ekansh,

Initially the User Password was set in SICF Service Node but even after removing, it has not generated the token.

PS Sorry for the late response, I was preoccupied with other activities. 

asdasd_asdasd
Active Participant
‎04-11-2016 9:23 AM
0 Kudos

Try to add the GUI Parameter "~CHECK_CSRF_TOKEN" with the value "1" to OData service  in Tx:"SICF", please check:

Cross-Site Request Forgery Protection

Best regards.

Former Member
‎04-11-2016 10:08 AM
0 Kudos

Hi Colman,

GUI Parameter is there but system still not generating token.

asdasd_asdasd
Active Participant
‎04-11-2016 4:47 PM
0 Kudos

Hi,

I had the same problem, i found that the gateway client handled this value internally( try to put the header parameter "X-CSRF-Token" with the value "Fetch" on the gateway client, and you will see a popup with a warning),try to use a rest client tool like Postman to check the "X-CSRF-Token" value:

Best regards.

AshwinDutt
Active Contributor
‎02-02-2016 9:42 AM
0 Kudos

Hello,

For the same GET URL add an Header ' X-CSRF-Token ' and value as ' fetch '.

The response of this GET service will contain the Token value in the response header.

Use the fetched token value for the modifying requests.

Regards,

Ashwin

Show replies
Show replies
Former Member
‎02-02-2016 11:57 AM
0 Kudos

Hi Ashwin,

I already tried it but failed. Actually, the problem in my case is, even from SAP Gateway Client the system is not returning X-CSRF-Token. Any idea how can i generate that.

AshwinDutt
Active Contributor
‎02-02-2016 3:59 PM
0 Kudos

Gateway client internally handles Token and hence no need of token when testing in GW Client.

Token is needed when we test from external application.

Ask a Question