
Cloud foundry sapui5 app: ajax post request 403 forbidden

former_member603667
Participant

Hi Community,

I'm trying things out in the CF trial and wanted to do a POST request with ajax to my Node.js backend with Express. Unfortunately, I get a 403 Forbidden error. All GET requests (with this.getView().getModel("...").loadData("/layoutapi/objectgroups");), on the other hand, work fine.

So what is the best practice for doing a POST request, and where could I have missed something?

Please also let me know if there is someone who can do ajax POST requests as in my case without errors.

Best regards!

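onSavePressed: function () {
	var url = "/eventapi/object";
	$.ajax({
		type: "POST",
		url: url,
		// contentType is JSON, so the body has to be serialized explicitly
		data: JSON.stringify(oEventModel.getData()),
		dataType: "json",
		contentType: "application/json",
		success: function (result) {
			alert("success");
		},
		error: function (jqXHR) {
			// the first argument is the jqXHR object; it has no "message" property
			console.log(jqXHR.status + " " + jqXHR.statusText);
			alert("error");
		}
	});
}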

This is my approuter:

{
	"welcomeFile": "/cfElbTrigger/index.html",
	"authenticationMethod": "route",
	"logout": {
		"logoutEndpoint": "/do/logout"
	},
	"routes": [{
		"source": "^/cfElbTrigger/(.*)$",
		"target": "$1",
		"localDir": "webapp"
	}, {
		"source": "^/eventapi/([a-z]+)",
		"target": "eventapi/$1",
		"authenticationType": "xsuaa",
		"destination": "backend_api"
	}]
}

And this is in app.js to authenticate tenants:

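var express = require('express');
var xsenv = require('@sap/xsenv');
var JWTStrategy = require('@sap/xssec').JWTStrategy;
var passport = require('passport');

var oApp = express();

// Read the credentials of the bound XSUAA service instance
var services = xsenv.getServices({ uaa: { tag: "xsuaa" }});
// Validate the JWT on every incoming request
passport.use(new JWTStrategy(services.uaa));
oApp.use(passport.initialize());
oApp.use(passport.authenticate('JWT', {
	session: false
}));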

Accepted Solutions (1)


former_member603667
Participant

Hi guys,

Finally I found it on my own: I forgot the CSRF token.

As you can read here: Blog, especially the last section.

Regards!
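What sending the CSRF token looks like on the client, as an added example that is not code from this thread. It assumes the approuter's default CSRF protection, where a GET or HEAD carrying `X-CSRF-Token: Fetch` against a protected route returns a token that every modifying request must send back. `createCsrfClient`, `makeFakeApprouter`, `tokenUrl` and the token values are hypothetical, and the stub stands in for the approuter so the code runs offline.

```javascript
// Added example: createCsrfClient and makeFakeApprouter are hypothetical names.
// `send` is any fetch-compatible function (e.g. window.fetch in the UI5 app).
function createCsrfClient(send, tokenUrl) {
  let token = null;
  async function refresh() {
    // A safe request with "X-CSRF-Token: Fetch" asks the approuter for a token.
    // The token belongs to the approuter session, so the cookie must be sent.
    const res = await send(tokenUrl, {
      method: "HEAD", credentials: "same-origin",
      headers: { "X-CSRF-Token": "Fetch" }
    });
    token = res.headers.get("x-csrf-token");
    if (!token) throw new Error("no CSRF token returned by " + tokenUrl);
  }
  return async function post(url, payload) {
    if (!token) await refresh();
    for (let attempt = 0; ; attempt++) {
      const res = await send(url, {
        method: "POST", credentials: "same-origin",
        headers: { "Content-Type": "application/json", "X-CSRF-Token": token },
        body: JSON.stringify(payload)
      });
      // A 403 may mean the cached token went stale: refetch and retry once.
      if (res.status !== 403 || attempt === 1) return res;
      await refresh();
    }
  };
}

// Constructed stand-in for the approuter so the example runs offline:
// it issues tok1, tok2, ... and rejects any POST without the current token.
function makeFakeApprouter() {
  let current = null, issued = 0;
  const log = [];
  const reply = (status, tok) =>
    ({ status, headers: new Map(tok ? [["x-csrf-token", tok]] : []) });
  async function send(url, opts) {
    const sent = (opts.headers || {})["X-CSRF-Token"];
    log.push(opts.method + " " + (sent || "-"));
    if (opts.method === "HEAD" && sent === "Fetch") {
      current = "tok" + (++issued);
      return reply(200, current);
    }
    return reply(opts.method === "POST" && sent !== current ? 403 : 200);
  }
  return { send, log, expireSession: () => { current = null; } };
}
```

Retrying once on a 403 covers the case where the cached token was invalidated together with the session; a 403 caused by missing authorization simply comes back a second time and is returned to the caller.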

Answers (1)


former_member60399
Discoverer

Had a similar issue; the CSRF token helped me resolve it.

Thanks

Regards,

Akshay