403 Forbidden : CSRF token validation failed

Hi,

I have created the Fiori app (version 1.28) in Web IDE and imported it into Eclipse.

In the component.js config, I have mentioned the complete OData service URL without a proxy, and I am opening the application in Chrome with the argument --disable-web-security.

I just did some OData model binding to the items aggregation of a table in my XML view.

And yes, I am using the OData V2 model (auto-generated code in models.js); handling of the CSRF token is true by default.

I can see the calls are fired, one to fetch the CSRF token and the other to GET the data in a batch.

But still, I am facing the issue of 403 Forbidden. Not able to understand why this is happening. Please find the attached.

Kindly suggest if I have to do any changes either in my UI5 code, OData service implementation or Gateway configuration.

Thanks in Advance..!!

With Best Regards,

Phaneendra


Sometimes there are also issues with the SameSite parameter settings in the backend. Check in the browser Dev Tools if there are issues with the SameSite parameter.

Accepted Solutions (0)

Answers (7)

quovadis
Product and Topic Expert

Hello Community Friends,

The main thing is to pass both the previously fetched x-csrf-token itself along with its session cookie.

The session cookie permits asserting the validity of the x-csrf-token.

You may want to have a look at the following blog post on 403, where I discuss this matter in more detail.

best regards, Piotr


This answer was really helpful.

Ivaylo
Explorer

Hi Osman,

I think I worked around that. I redefined CL_REST_RESOURCE and its IF_REST_RESOURCE~GET method, thus escaping from the CSRF cookie problem. This way I don't have any negotiation regarding CSRF, but it worked for my scenario 🙂

BR,

Ivaylo


Hello

I am facing the same issue, could you find any solution to this problem?

Thanks

Osman

Ivaylo
Explorer

Hi,

I am facing the same 403 / Forbidden, although I passed the CSRF token from GET to PUT. I passed also the cookies and x-requested-with = ‘X’. I've described my scenario in detail in my response to:

https://blogs.sap.com/2014/07/11/issues-with-csrf-token-and-how-to-solve-them/

Would appreciate meaningful suggestions.

Thanks

BR,

Ivaylo

amarnath_prasad
Explorer

First of all, call the GET method for the CSRF token of that service, then call your upload URL. It will definitely work. The reason is very clear: when we are making any modifying request (POST/UPDATE method) the framework validates the CSRF token (cross-site request forgery), and when making any non-modifying request (GET method) the CSRF token is returned in the header.

Reward if helpful.

former_member188585
Participant

Hello Phaneendra,

Have you checked this -

Please check whether in SICF service is active or not.

Troubleshooting - User Interface Add-On for SAP NetWeaver - SAP Library

Cheers

~Rahul

Sriram2009
Active Contributor

Hi Phaneendra

Kindly check this SCN link

Regards

SS


Hi Sriram,

Thanks for the quick reply. I have already checked this blog.

As explained in the blog, I am not using either of them. But still I am facing the issue.

Thanks,

Phaneendra.