cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CSRF token problem in firefox

Go to solution
Former Member

on ‎07-24-2014 10:11 AM

0 Kudos

Hi,

When I post something to the server using GW, I get statuscode 403. This only happens when I use firefox, in Chrome and IE everything works fine.

The crsf token is fetched succesfully, but for some reason, it is undefined in my POST request (when using firefox).

Anyone who can help me?

Kind regards,

RW

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-24-2014 2:28 PM
0 Kudos

Anyone?

Show replies
Show replies
Former Member
‎07-24-2014 2:54 PM
0 Kudos

Hi Robbe,

you should probably change yourdefault CSRF protection mechanism in SICF.

Refer the the link below for more information:

Cross-Site Request Forgery Protection - SAP NetWeaver Gateway - SAP Library

Regards,

Ashvin

Former Member
‎07-24-2014 3:22 PM
0 Kudos

Thanks for the reply, but I don't see why the x-csrf token is undefined in some browsers/devices...

Former Member
‎07-24-2014 5:40 PM
0 Kudos

Robbe,

are you using odatamodel for creating new entries? Could you send code snippet where you try to fetch token & post data ?

Regards,

Peter

Former Member
‎07-25-2014 8:05 AM
0 Kudos

Hi Peter,

The code snippet is attached.

I really don't get it, there is even a difference between using iPad mini and iPad 4, using the same version of google chrome...

Anyways, thanks for taking a look at my problem!

RW

codeSnippet.txt.zip
Former Member
‎07-25-2014 8:58 AM
0 Kudos

I also have the feeling in some browsers the success function is executed before the call to fetch the csrf token is finished. So this might be a sync/async issue?

Former Member
‎07-25-2014 10:08 AM
0 Kudos

Robbe,

that could be, or it could be something wrong with odata.request.

You can try to rewrite your post operation into odatamodel.create(). It is smooth and you are fully using what odatamodel gives you. You have even set tokenHandling in your example, but if you are not using odatamodel operations, it does not have any effect. You can check my blog - 1st and 2nd issue for more info.

This is example how I implemented post operation. When you are using odatamodel.create() you do not need to take care about the token by yourself:

   // setting up model

   var oModel = new sap.ui.model.odata.ODataModel("link_to_your_odata_service", false);

   sap.ui.getCore().setModel(oModel);


   var oEntry = {};

   oEntry.Email = content[2].getValue();

   oEntry.Firstname = content[4].getValue();

   oEntry.Lastname = content[6].getValue();

   oEntry.Age = content[8].getValue();

   oEntry.Address = content[10].getValue();

   sap.ui.getCore().getModel().create('/UserSet', oEntry, null, function(){

   oCreateDialog.close();

   sap.ui.getCore().getModel().refresh();

   },function(){

   oCreateDialog.close();

   alert("Create failed");

   }

   );

See full snippet here Sample ui5 app that consumes oData service

I am not sure if that helps you, but I guess it is worth trying.

Regards,

Peter

Former Member
‎07-25-2014 11:10 AM
0 Kudos

Hi Peter,

I just changed my code, and now it also works in Firefox.

On the iPad 4 it still doesn't work, but now I get another error:

network_err: xmlhttpRequest exception 101

I already tried to refresh the sucurity token before the create() function, both sync and asycn. But I get the same result.

Kind regards,

RW

Former Member
‎07-25-2014 12:05 PM
0 Kudos

Robbe,

I do not have any info about that, maybe this can help.

Regards,

Peter

Answers (0)

Ask a Question