cancel
Showing results for 
Search instead for 
Did you mean: 

X-CSRF-Token

Former Member
0 Kudos

Hi folks,

could you please advise me how to generate X-CSRF-Token with GET method. Service call is executed successfully with return code 200, but it is not returning CSRF Token, which I need in my front end for CRUD Operations.

View Entire Topic
mary_silvester
Explorer
0 Kudos

Hi,

Try this code.

OData.request

  ({

    requestUri: "Your Service Url",

    method: "GET",

    headers:

    {    

          "X-Requested-With": "XMLHttpRequest",

          "Content-Type": "application/atom+xml,application/json",

          "DataServiceVersion": "2.0",                 

          "X-CSRF-Token":"Fetch"  

     }          

  },

    function (data, response)

  {

      header_xcsrf_token = response.headers['x-csrf-token'];

      });

},

  function(err)

  {

  sap.m.MessageToast.show("Token not received");

  });

In header_xcsrf_token you will get the token value.

Regards,

Salu

Former Member
0 Kudos

Thanks Salu, I will try this. But, I am surprised why SAP gateway client in not returning this token for my service. Is there any setting we need to do to get this?

AshwinDutt
Active Contributor
0 Kudos

Gateway client internally handles Token and hence no need of token when testing in GW Client.

Token is needed when we test from external application.

Former Member
0 Kudos

Hi Ashwin,

I agree, but the same token gets generated when I use SAP's Demo System i.e ES1.

and even using above code given by Salu S dose not work.

   ES1 - Token Generated

   My own System - Token not generated

EkanshCapgemini
Active Contributor
0 Kudos

Hi Yogendra,

Recently I faced a similar issue. In that case, someone has hardcoded a username and password in SICF service node. Once I removed the credentials, it started generating the token.

Please check if this is the case in your system as well.

Regards,

Ekansh

Former Member
0 Kudos

HI Ekansh,

I tired your suggestion, but unfortunately it dint return the Token.

EkanshCapgemini
Active Contributor
0 Kudos

Hi Yogendra,

Were you able to solve this? You can also check this

Former Member
0 Kudos

Hi Ekansh,

Initially the User Password was set in SICF Service Node but even after removing, it has not generated the token.

PS Sorry for the late response, I was preoccupied with other activities. 

asdasd_asdasd
Active Participant
0 Kudos

Try to add the GUI Parameter "~CHECK_CSRF_TOKEN" with the value "1" to OData service  in Tx:"SICF", please check:

Cross-Site Request Forgery Protection

Best regards.

Former Member
0 Kudos

Hi Colman,

GUI Parameter is there but system still not generating token.

asdasd_asdasd
Active Participant
0 Kudos

Hi,

I had the same problem, i found that the gateway client handled this value internally( try to put the header parameter "X-CSRF-Token" with the value "Fetch" on the gateway client, and you will see a popup with a warning),try to use a rest client tool like Postman to check the "X-CSRF-Token" value:

Best regards.