Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

How does CSRF token works in deployed UI5 APP

former_member134135
Explorer

on ‎2021 Aug 19 1:15 PM

0 Likes
2,448

I have developed a UI5 program that can update data through OData model.

When it runs locally, there is no problem with GET method and POST method.

However, if I deploy the same program as a HTML5 APP, GET method is OK but POST method occurred 403 error.

It seems like CSRF token is incorrect.

I guess maybe XSUAA changed the value of CSRF token?

because of both local run and postman run always get short tokens,

instead of the long token when deploy and run.

The following are the relevant settings.

Please help me to fix my deployed program, many thanks.

Destination:

xs-app.json:

manifest.json:

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
mariusobert
Developer Advocate
Developer Advocate
‎2021 Aug 19 3:22 PM
0 Likes

I'd say this is the intended behavior as you don't set the header explicitly. As a explanation:

When running locally, CSRF is not enforced. This explains why it works.

GET works in the deployed version because CSRF only affects state-changing operations.

inesmartins
Participant
‎2024 Dec 20 6:32 PM
0 Likes
How did you solve it? I have the same problem

Accepted Solutions (0)

Answers (1)

Answers (1)

junwu
SAP Champion
SAP Champion
‎2021 Aug 19 1:48 PM

check if these parameters help when you set it to your odatamodel

earlyTokenRequest: true,
tokenHandling: true,

Show replies
Show replies
Ask a Question