
Forbidden error in AJAX GET call in iOS SAP Hybrid/Native mobile app


Hello Experts,

I have developed a Fiori mobile app which is based on the SAP Hybrid Application Toolkit framework. I have a requirement in the application to attach a file from my mobile device and save it in the backend ECC system. I am using the UploadCollection control for the same.

I am able to upload the attachments successfully if I am running the same in the Android Hybrid mobile app or directly in the browser. However, the same code is not working in the iOS Hybrid app. I am getting a success message as well, i.e. "File uploaded successfully", but the attachment is not getting saved in the backend. I checked the traces in the backend system using Tcode /iwfnd/traces, but the call is not reaching the backend system and I do not get any traces there.

Please find below the code snippets:

View:

<UploadCollection id="UploadCollection" multiple="true" sameFilenameAllowed="true" instantUpload="true" fileDeleted="onFileDeleted"
			uploadComplete="onUploadComplete" beforeUploadStarts="onBeforeUploadStarts" change="onChange" mode="Delete"/>

Controller methods:

I am suspecting that it might be an issue with CSRF token. As we know, we have to send the CSRF token along with the post call to send the attachment to the backend system.

Now, to get the CSRF token first, I have tried multiple ways:

1. Get CSRF Token using OData Model getSecurityToken()

var oDataModel = this.getView().getModel("Offline");

var sST = oDataModel.getSecurityToken();

This is giving me the value undefined in both the Android and iOS hybrid apps. However, I am getting the CSRF value here in case I am running it directly from the browser. I am passing "X-CSRF-Token" with value "Fetch" as well in the request header.

2. Get CSRF Token using OData Model refreshSecurityToken()

Again, the CSRF token is missing in the response header in both the Android and iOS hybrid apps but working fine in the browser. I am passing "X-CSRF-Token" with value "Fetch" as well in the request header.

3. Get CSRF Token using AJAX call:

I have used the above code to get the CSRF token. This piece of code worked perfectly fine in the Android Hybrid app and the attachment was saved in the backend successfully. But I am assuming this code didn't work well with the iOS hybrid app.

Kindly help me with your expertise in resolving this issue.

P.S. I am unable to debug the iOS device app on a Windows laptop. Kindly suggest if you have any tricks to debug an iOS device on Windows as well.

Regards,

Happy Chhillar
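
Added example (not part of the original posts): the CSRF handshake described in the question, written so that a missing token or a 403 surfaces as an error instead of a false "uploaded successfully" message. The `send` transport, the URLs and `makeFakeBackend` are hypothetical and constructed for the example; it assumes the backend answers a rejected token with HTTP 403 and `x-csrf-token: Required`.

```javascript
// Added example. `send` is a hypothetical transport supplied by the caller:
// send({method, url, headers, body}) -> Promise<{status, headers}>.

// Header names arrive in different casing depending on the stack; compare case-insensitively.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === wanted);
  return key === undefined ? undefined : headers[key];
}

// Step 1: ask for a token with "X-CSRF-Token: Fetch" and refuse to continue without one.
async function fetchCsrfToken(send, serviceUrl) {
  const res = await send({ method: "GET", url: serviceUrl, headers: { "X-CSRF-Token": "Fetch" } });
  const token = headerValue(res.headers, "x-csrf-token");
  if (!token || token.toLowerCase() === "required") {
    throw new Error("No CSRF token in response headers (HTTP " + res.status + ")");
  }
  return token;
}

// Step 2: POST with the token; a non-2xx status is an error, never a silent success.
async function uploadWithCsrf(send, serviceUrl, uploadUrl, body) {
  let token = await fetchCsrfToken(send, serviceUrl);
  for (let attempt = 0; ; attempt++) {
    const res = await send({ method: "POST", url: uploadUrl, headers: { "X-CSRF-Token": token }, body });
    if (res.status >= 200 && res.status < 300) return res.status;
    const hint = String(headerValue(res.headers, "x-csrf-token") || "").toLowerCase();
    if (res.status === 403 && hint === "required" && attempt === 0) {
      token = await fetchCsrfToken(send, serviceUrl); // assumed stale-token signal: refetch once
      continue;
    }
    throw new Error("Upload rejected with HTTP " + res.status);
  }
}

// Constructed stand-in for the backend so the example runs offline.
function makeFakeBackend(exposeToken) {
  const valid = "constructed-token-123";
  const log = [];
  const send = async (req) => {
    log.push(req.method);
    if (req.method === "GET") {
      return { status: 200, headers: exposeToken ? { "X-CSRF-Token": valid } : {} };
    }
    const ok = headerValue(req.headers, "x-csrf-token") === valid;
    return ok ? { status: 201, headers: {} } : { status: 403, headers: { "x-csrf-token": "Required" } };
  };
  return { send, log };
}
```

With `makeFakeBackend(false)`, which mimics the missing response header reported for the hybrid apps, `uploadWithCsrf` rejects before any POST is sent.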

LudoNoens
Product and Topic Expert

Please contact our support. Especially during this holiday period, this will help to get the answers you need.

Please use the Trace functionality available in the SAP Mobile Services cockpit to see whether the app is actually able to send out requests. It might be blocked due to CORS or some other criteria in WKWebView.

Another thing to try is a workaround for CORS issues: please open the SAP Mobile Services admin cockpit. Go to Settings -> Security -> Cross Domain Access. Set the "Origin:" field to "<AdminAPI>,null". You can find the value for <AdminAPI> in the Important Links page. Make sure to remove the trailing slash ("/").

Hope this helps.

Regards,
Ludo


Hello Ludo,

Thank you for your comment. I have found the root cause for the issue. I missed adding the line of code below in the success callback of the store.open() method, as specified by you in your blog as per the update on 1 October 2020.

Blog: https://blogs.sap.com/2020/03/16/hybrid-application-toolkit-apps-for-ios-switching-to-wkwebview/

sap.Xhook.disable();
