SAP Fiori LL16 - http 403 Forbidden CSRF token error

SAP Fiori Lessons Learned 16

http 403 Forbidden, CSRF token validation failed

Background:

https is not setup correctly in most of sandbox servers and you get http 403 Forbidden error in post method.

POST

http://<host>.<domain>:<port>/sap/opu/odata/GBHCM/LEAVEREQUEST;v=2/LeaveRequestCollection
403 (Forbidden)

Lessons Learned:

What is CSRF token?

• Cross-site request forgery - Wikipedia, the free encyclopedia
• Cross-Site Request Forgery Protection in NetWeaver Gateway

Solution:

You should setup Gateway server correctly.

1896961 - HTTP/HTTPS Configuration for SAP NetWeaver Gateway

For non-production use sandbox server, you can set SICF parameter ~CHECK_CSRF_TOKEN=0.

Transaction: SICF

~CHECK_CSRF_TOKEN=0.

0: disable

1: enable

Do not forget clearing browser cache.