Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

adding CSRF parameter in service.tx(request).run(request.query)

Go to solution
karthiheyan_murugesan1
Product and Topic Expert
Product and Topic Expert

on ‎2020 Jul 20 10:39 AM

5,645

Hi ,

Any lead on how to use service.tx(request).run(request.query) for a post call to S/4 odata.

More details

When I use service.tx(request).run(request.query) for a post call, Iam getting CSRF token invalid error in S/4 and thus 403 error in CF.

Iam able to get CSRF token with S/4 URL directly in Tcode /iwfnd/maint_service with header as [X-CSRF-TOKEN : Fetch ].

Iam not able to get CSRF token if i use post using service.tx(request).run(request.query) of SAP CAP Service. [HTTP header is not having the [X-CSRF-TOKEN : Fetch] ]

Exact question

  1. How to set header parameter for getting CSRF token in [ service.tx(request).run(request.query) ] . I want to set [X-CSRF-TOKEN : Fetch] in a GET request header so i can set back CSRF token in post call.

Regards,

Karthi

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
vansyckel
Product and Topic Expert
Product and Topic Expert
‎2020 Jul 20 5:50 PM
0 Likes

Hi karthiheyan.murugesan1, jhodel18,

Please see the SAP Cloud SDK for such functionality.

Best,
Sebastian

Show replies
Show replies
karthiheyan_murugesan1
Product and Topic Expert
Product and Topic Expert
‎2020 Jul 20 10:51 PM
0 Likes

Thanks Sebastian, As Iam a beginner , i need more info.

Assume i want to execute a simple GET

1) I generated odata client from edmx.

2) I have my service definition in service.cds. and its corresponding implementation in service.js.

Will my service.js look like this ? Can you help with a demo GITHUB repos

import { header } from './odata_gen/z-operation-service'; //this line 1 is giving error

srv.on('READ', 'header', request => { return header.requestBuilder().getAll().execute("dest"); })

gregorw
SAP Mentor
SAP Mentor
‎2020 Jul 23 9:15 PM
0 Likes

Hi Sebastian, Ki karthiheyan.murugesan1,

karthiheyan.murugesan1: I would suggest you check out Consuming Services.

vansyckel: can we expect that CAP will hide this complexity from us?

Best regards
Gregor

karthiheyan_murugesan1
Product and Topic Expert
Product and Topic Expert
‎2020 Jul 24 2:05 PM
0 Likes

Hi Gregor ,

There is an open issue in Consuming Services, preventing us from using the POST [csrf token] method to an on-premise system [They might release in Q3/4]. Leaving us with two options

1) Node library like cdse, sap-cf-axios

2) SAP cloud SDK Here regarding SAP cloud SDK , there are very fewer blog resources for JS world in consuming external services through destination.

Regards,

Karthi

SebastianEsch
Active Participant
‎2020 Jul 24 6:43 PM

Hi Karthi,

in Cloud SDK you don't have to do more than provide the destination name in your call to the OData Client. Cloud SDK handles the lookup of the destination and using the Connectivity Proxy behind the scenes: https://sap.github.io/cloud-sdk/docs/js/features/connectivity/proxy-js-sdk#the-automatic-flow

const businessPartners = BusinessPartner.requestBuilder()
  .getAll().filter(BusinessPartner.BUSINESS_PARTNER_CATEGORY.equals('1'))
  .top(5)
  .execute({"destinationName": 'myDestination'});

Kind regards,

Sebastian

vansyckel
Product and Topic Expert
Product and Topic Expert
‎2020 Jul 26 3:22 PM

Hi gregorw,

Improving service consumption is on the roadmap and we'll see what we can do.

Best,
Sebastian

Evgenii
Product and Topic Expert
Product and Topic Expert
‎2020 Jul 30 2:43 PM
0 Likes

Hi Sebastian Esch!

The Cloud SDK for JS still might have issues with consumption of OData services from the S4/Hana on-premise system.

At least it didn't work in my case. https://github.com/SAP/cloud-sdk/issues/171

Though I can get through the proxy to the system I fail with authentication at the on-premise for some reason but when using a standard http request with defined http headers has no issues with authentication.

It could be an issue of the generated odata-client or axios which is used to send a http request to the on-premise.

Best Regards,

Evgeniy

Ask a Question