SAP Fiori
SAP Fiori LL16 - http 403 Forbidden CSRF token error
Tags:
SAP Fiori Lessons Learned 16
http 403 Forbidden, CSRF token validation failed
Background:
HTTPS is not set up correctly on most sandbox servers, and POST requests then fail with an HTTP 403 Forbidden error.
POST
http://<host>.<domain>:<port>/sap/opu/odata/GBHCM/LEAVEREQUEST;v=2/LeaveRequestCollection
403 (Forbidden)
Lessons Learned:
What is CSRF token?
- Cross-site request forgery - Wikipedia, the free encyclopedia
- Cross-Site Request Forgery Protection in NetWeaver Gateway
Solution:
You should set up the Gateway server correctly.
1896961 - HTTP/HTTPS Configuration for SAP NetWeaver Gateway
On a sandbox server that is not used for production, you can set the SICF parameter ~CHECK_CSRF_TOKEN=0.
Transaction: SICF
~CHECK_CSRF_TOKEN=0.
0: disable
1: enable
Do not forget to clear the browser cache.
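
The token handshake behind this error, as an added example that is not part of the original post or SAP's code: a client first sends a GET with the header X-CSRF-Token: Fetch, then repeats the returned token on the POST, and a rejected POST comes back as 403 with x-csrf-token: Required. The mock server, the function names, and the simplification that a token is valid only together with its session cookie are assumptions made for illustration.

```javascript
// Constructed mock of a server-side CSRF check: a token is issued on a GET that
// carries "X-CSRF-Token: Fetch" and is valid only together with its session cookie.
function makeMockGateway() {
  const tokens = new Map(); // session cookie value -> CSRF token
  let counter = 0;
  return function handle({ method, headers = {} }) {
    const h = Object.fromEntries(
      Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
    if (method === "GET") {
      if (h["x-csrf-token"] !== "Fetch") return { status: 200, headers: {} };
      const sid = `SID${++counter}`;
      tokens.set(sid, `token-${counter}`);
      return { status: 200,
               headers: { "x-csrf-token": tokens.get(sid), "set-cookie": sid } };
    }
    // Modifying request: the token must match the one issued for this session.
    const expected = tokens.get(h["cookie"]);
    if (!expected || h["x-csrf-token"] !== expected)
      return { status: 403, headers: { "x-csrf-token": "Required" } };
    return { status: 201, headers: {} };
  };
}

// A 403 is a CSRF failure only when the server asks for a token; any other 403
// (for example missing authorization) needs a different fix.
function isCsrfFailure(res) {
  return res.status === 403 &&
    String(res.headers["x-csrf-token"] || "").toLowerCase() === "required";
}

// Client side: fetch a token, then POST with the token and the session cookie.
// keepCookie=false models a browser that does not return the session cookie.
function postWithToken(send, url, { keepCookie = true } = {}) {
  const fetched = send({ method: "GET", url, headers: { "X-CSRF-Token": "Fetch" } });
  const headers = { "X-CSRF-Token": fetched.headers["x-csrf-token"] };
  if (keepCookie) headers["Cookie"] = fetched.headers["set-cookie"];
  return send({ method: "POST", url, headers });
}

const gateway = makeMockGateway();
const url = "/sap/opu/odata/GBHCM/LEAVEREQUEST;v=2/LeaveRequestCollection";
const bare = gateway({ method: "POST", url, headers: {} });
console.log(bare.status, isCsrfFailure(bare));                          // POST without a token
console.log(postWithToken(gateway, url).status);                        // token and cookie sent
console.log(postWithToken(gateway, url, { keepCookie: false }).status); // token without cookie
```

When reading a real 403 in the browser's network tab, the same check applies: look for x-csrf-token: Required in the response headers before changing any server setting.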