
How to disable x-csrf-token in SICF service (not ODATA service)


Hi Friends,

I have developed a simple REST service using the SICF framework in ECC. The functionality of this service is to create a transaction in the SAP system, so I have implemented a POST method.

I have created a service using the SICF transaction code in SAP and provided my class name in 'Handler List'. I have used super class CL_REST_HTTP_HANDLER for the handler class and CL_REST_RESOURCE for the resource class. I activated the service. Everything is looking good. However, when I try to test the service from Postman, it gives 'CSRF token validation failed'.

To fix this I have fetched the csrf token by sending x-csrf-token = fetch in the header value.

But my client doesn't want to call this service twice #1 to GET csrf token and then #2 to POST actual transaction.

I am looking for a way to disable this csrf-token so that my client can call my service only once to POST actual transaction.

I have gone through many threads on this topic, but all the threads are talking about ODATA services.

Thanks in advance,

Krishna Yerram.

ashishbhatt
Explorer

As per thalesvb, I tried it and it is working perfectly. As I work with a VPN-based connection, there is no major security issue.

If you want to bypass the x-csrf-token, you have to redefine the HANDLE_CSRF_TOKEN method in your class without code. After that, you can make the POST call without x-csrf-token. Just use the header "X-Requested-With = X" in the call.

You also disable authentication in SICF -> Logon section.

undefined
Newcomer
After redefining HANDLE_CSRF_TOKEN, I can make the POST call without the header "X-Requested-With = X". Is the header "X-Requested-With = X" required?
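
The fetch-then-POST handshake from the question can be wrapped in one client function, so the caller makes a single call while the service keeps its CSRF check. This is an added example, not code from the thread or from SAP: `MockService`, the `sid` cookie, the `/zrest` path and the 201/403 status codes are constructed stand-ins so it runs offline, and the mock assumes a token is only valid together with the session cookie issued with it.

```python
import http.server, secrets, threading
import urllib.error, urllib.request

SESSIONS = {}  # session id -> token; state of the constructed mock server

class MockService(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the SICF service (not SAP code)."""
    def log_message(self, *args):  # silence per-request logging
        pass

    def _reply(self, status, headers=()):
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):  # token fetch: new session cookie plus its token
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        SESSIONS[sid] = token
        self._reply(200, [("X-CSRF-Token", token), ("Set-Cookie", f"sid={sid}")])

    def do_POST(self):  # accept only the token issued to this session
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("sid=")[2]
        token = self.headers.get("X-CSRF-Token")
        ok = token is not None and SESSIONS.get(sid) == token
        self._reply(201 if ok else 403)

def start_mock():
    server = http.server.HTTPServer(("127.0.0.1", 0), MockService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/zrest"

def post_with_csrf(url, body, keep_cookies=True):
    """Single call for the caller: fetch a token, then POST in the same session."""
    handlers = [urllib.request.ProxyHandler({})]  # talk to the mock directly
    if keep_cookies:
        handlers.append(urllib.request.HTTPCookieProcessor())
    opener = urllib.request.build_opener(*handlers)
    fetch = urllib.request.Request(url, headers={"X-CSRF-Token": "Fetch"})
    with opener.open(fetch) as resp:
        token = resp.headers["X-CSRF-Token"]
    post = urllib.request.Request(url, data=body, method="POST",
                                  headers={"X-CSRF-Token": token})
    try:
        with opener.open(post) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

Calling `post_with_csrf(url, body, keep_cookies=False)` against the mock shows the failure that appears when a token is fetched but the session cookie is not sent back with the POST.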