on 2020 Aug 14 1:49 PM
Hi,
I am using a GET method for OData and I am storing the CSRF token, which I got from the GET method, in a variable called token. I am passing the CSRF token in the POST method but getting the error: CSRF token validation failed","status_code":403
Is there anything that I am missing in the headers?
Can you help me?
Thanks
Kishore
Hi,
A CSRF token is always generated against a session ID/cookie. So when you make a GET call to C4C with x-csrf-token=fetch as a request header, then in the response, along with the CSRF token, you also get some session cookies.
So when making the POST call from REST clients like POSTMAN, cookies are already shared and hence it is successful. Whereas when making the same call with SAP CAI, it fails because CAI does not pass the session context to C4C; therefore C4C does not know against which session your CSRF needs to be evaluated.
Now, in order to fix this problem, you also need to pass "Cookie" as a request header parameter for your POST call along with the CSRF value. This "Cookie" header will contain the value of all the response cookies from the response of the GET request.
Then it should work.
BTW, you can also see in POSTMAN via code generation how they send the value of the response cookie with the CSRF token you passed. header-sent-from-postman.png
Thanks
Saurabh
Hi Siva,
One suggestion to possibly correct the issue would be to set up a destination in your Cloud Foundry account for the SAP system.
You can then refer to the system as:
destination://<destination name>/sap/opu/odata/sap/<OData service>
Do let me know if this works for you.
Best Regards,
Rohit