cancel
Showing results for 
Search instead for 
Did you mean: 

[SAP BYD - HELP] CSRF token validation failed

690

Hi Expert,

I have a problem below when I Patch to oData.

  • The first time, I Get oData with HeaderParam. It returns status 200.
  • Then I got HeaderParam "x-csrf-token" with the value which I GET it in the result and I Patch the Odata. It returns status 403 Forbidden.
  • I got an error "CSRF token validation failed" when I Patch It, I have tested it before in Postman it was successful.
  • I have tried many times like adding Cookies and changing the method Patch,... but it's not successful.

All my code I wrote in one script file, and I call GET, PATCH Odata at the same time.
P/s: So how can I fix it? I hope my question can be slove.
Thanks and Best Regards

ixdse
Explorer
0 Kudos

Hi I have a similar issue. We are getting a 404 with this error message:

The server has not found any resource matching the Data Services Request URI.

We are doing a POST request to an odata service (khemployeetime) SubmitToApproval action. An other request to the same service is working, but this not.

submittoapproval is working in Postman when getting the token in Postman by executing the GET of khemployeetime.

I tried your solution but there are multiple issues:

first I do not get the token when executing in ABSL code. When I try this in Postman it works fine to get the token.

When I hard code the token in ABSL that I got from Postman I get the error 404 with the error message.

 

Do you have any clue?

 

I think it has nothing todo with authorization more then getting the request available in ABSL.

 

Is there somewhere something different when requesting an action?

ixdse_0-1725538026714.png

 

 

View Entire Topic
ixdse
Explorer
0 Kudos

From SAP:

Thank you for contacting SAP Cloud Support.

This incident has reached the Support team. We have reviewed your issue and understand that you are unable to use the SubmitForApproval Action for the EmployeeTime BO and none of the actions are available for use.

Cause :The action SubmitForApproval from EmployeeTime Business Object does not support validations in ABSL if they are created outside of an Enhancement Implementation.

Resolution :
SAP has provided a standard BADI definition which can be implemented by the partners for these types of validations. The BADI name is TIM_EMP_TIME_VALIDATION_CHECK and the corresponding enhancement spot name is ES_TIM_REC_VAL_CHK_EXT. This BADI has an interface with only one method “VALIDATE” which needs to be implemented.

This interface method has importing parameter of type TIM_EMP_TIM_VAL_CHK which in turn consists of Employee Time ROOT UUID, Action Name and Recording View type code as input parameters. These parameters will be passed from the standard SAP code to the BADI implementation whenever any action will be called on the employee’s working time confirmations.

In the BADI implementation, you need to check for the Action name that is existing on the ROOT node of the TIMX_EMPLOYEE_TIME BO (if the implemented code needs to be executed for some specific actions, in this case SUBMIT_FOR_APPROVAL) and then retrieve the ROOT and ITEM node data of TIMX_EMPLOYEE_TIME business object with the help of received Root Node UUID.

After data retrieval, the conditions need to be put to validate the entered/saved time durations. If the requirement is to raise an error message only from the ESS time sheet, then the recording view type code can be checked in the retrieved ITEM data of the BO. The error message which needs to be raised can be logged into the CHANGING parameter of the interface which in turn consists of some attributes with regards to the error message like BADI implementation name, error occurred (Yes/No), message severity, error message text etc. The SAP standard code will take care of the error handling and the error message which is received from the BADI implementation will be shown onto the UI.

For this requirement, "Enhancement Implementation" from SAP Cloud Applications Studio can be used rather than SubmitForApproval Action Validation.

I hope this serves the purpose of the incident. Please feel free to reach us if there are further questions and we are happy to help you. The incident status has been set to Solution Proposed.

 

 

 

So I checked the Enhancement Options and found:

SetEmployeeTimeItemApprover

Now need to figure out how to use this.