on 02-26-2016 9:49 PM
Hi,
I have created the Fiori app (version 1.28) in Web IDE and imported it into Eclipse.
In the component.js config, I have specified the complete OData service URL without a proxy, and I am opening the application in Chrome with the argument --disable web security.
I just did some OData model binding to the items aggregation of a table in my XML view.
And yes, I am using the OData V2 model (auto-generated code in models.js); handling of the CSRF token is true by default.
I can see the calls being fired: one to fetch the CSRF token and the other to GET the data in a batch.
But still, I am facing a 403 Forbidden issue. I am not able to understand why this is happening. Please find the attached.
Kindly suggest if I have to make any changes in my UI5 code, the OData service implementation or the Gateway configuration.
Thanks in Advance..!!
With Best Regards,
Phaneendra
Hello Community Friends,
The main thing is to pass both the previously fetched x-csrf-token itself and its session cookie.
The session cookie makes it possible to assert the validity of the x-csrf-token.
You may want to have a look at the following blog post on 403, where I discuss this matter in more detail.
best regards, Piotr
Hi Osman,
I think I worked around that. I redefined CL_REST_RESOURCE and its IF_REST_RESOURCE~GET method, thus escaping from the CSRF cookie problem. This way I don't have any negotiation regarding CSRF, but it worked for my scenario 🙂
BR,
Ivaylo
Hello
I am facing the same issue, could you find any solution to this problem?
Thanks
Osman
Hi,
I am facing the same 403 / Forbidden, although I passed the CSRF token from GET to PUT. I also passed cookies and x-requested-with = ‘X’. I've described my scenario in detail in response to:
https://blogs.sap.com/2014/07/11/issues-with-csrf-token-and-how-to-solve-them/
Would appreciate meaningful suggestions.
Thanks
BR,
Ivaylo
First of all, call the GET method for the CSRF token of that service, then call your upload URL. It will definitely work. The reason is very clear: when we make any modifying request (POST/update method), the framework validates the CSRF token (cross-site request forgery), and when we make any non-modifying request (GET method), the CSRF token is returned in the header.
Reward if helpful.
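
The fetch-then-modify sequence in the reply above, and the token-plus-session-cookie pairing described in Piotr's reply, can be reproduced offline with a small mock. This is an added example, not code from any poster or from SAP Gateway; the MockGateway class, the SESSION cookie name and the status codes for success are constructed assumptions.

```javascript
// Constructed mock of a CSRF-protected endpoint (not SAP Gateway code).
// Assumption: the server keeps one token per session and checks it on writes.
const crypto = require("crypto");

class MockGateway {
  constructor() { this.sessions = new Map(); } // session id -> issued token

  handle(method, headers = {}) {
    // SESSION is a hypothetical cookie name used only by this mock.
    const sid = (/(?:^|;\s*)SESSION=([^;]+)/.exec(headers["cookie"] || "") || [])[1];
    const sent = headers["x-csrf-token"];
    if (method === "GET" || method === "HEAD") {
      if (sent !== "Fetch") return { status: 200, headers: {} };
      // Token fetch: reuse the caller's session or open a new one, bind a token to it.
      const id = this.sessions.has(sid) ? sid : crypto.randomBytes(8).toString("hex");
      const token = crypto.randomBytes(16).toString("base64");
      this.sessions.set(id, token);
      return { status: 200, headers: { "x-csrf-token": token, "set-cookie": `SESSION=${id}` } };
    }
    // Modifying request: the token only counts together with the session that issued it.
    const expected = this.sessions.get(sid);
    if (!expected || sent !== expected) {
      return { status: 403, headers: { "x-csrf-token": "Required" } };
    }
    return { status: 201, headers: {} };
  }
}

// Client side: fetch first, then replay token AND cookie on the write.
function fetchToken(gw) {
  const res = gw.handle("GET", { "x-csrf-token": "Fetch" });
  return { token: res.headers["x-csrf-token"], cookie: res.headers["set-cookie"] };
}

function post(gw, { token, cookie }) {
  const headers = {};
  if (token) headers["x-csrf-token"] = token;
  if (cookie) headers["cookie"] = cookie;
  return gw.handle("POST", headers).status;
}

function demo() {
  const gw = new MockGateway();
  const a = fetchToken(gw);
  const b = fetchToken(gw); // a second, unrelated session
  return {
    tokenAndCookie: post(gw, a),
    tokenOnly: post(gw, { token: a.token }),
    otherSession: post(gw, { token: a.token, cookie: b.cookie }),
    noToken: post(gw, { cookie: a.cookie }),
  };
}
```

Only the first case succeeds; a token sent without its cookie, or with another session's cookie, gets the same 403 as a request with no token at all, which is the first thing to compare against a captured network trace.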
Hello Phaneendra,
Please check whether the service is active in SICF or not.
Troubleshooting - User Interface Add-On for SAP NetWeaver - SAP Library
Cheers
~Rahul