Retrieve X-CSRF-Token from sapes1 ZGWSAMPLE_SRV

Former Member
0 Kudos

Hi,

x-posted from:

I have successfully retrieved the "X-CSRF-Token" token value for a number of the other OData services (e.g. ZCD204_EPM_DEMO_SRV) on sapes1, but I'm unable to get a response that includes the cookie & header being set in the response when accessing https://sapes1.sapdevcenter.com/sap/opu/odata/sap/ZGWSAMPLE_SRV/ .

My username and password are correct, and I can retrieve data in ZGWSAMPLE_SRV, but when I set "X-CSRF-Token" to "Fetch" the response headers do not include an "X-CSRF-Token" entry.

Using the "REST Console" in chrome I can provide the details of a failing request.

Request Headers:

Authorization: Basic SOMEVALUE

X-CSRF-Token: Fetch

Accept: */*

Connection: keep-alive

Content-Type: application/xml

Origin: chrome-extension: //rest-console-id

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36

Response Headers:

Status Code: 200

server: SAP NetWeaver Application Server / ABAP 702

dataserviceversion: 2.0

ntcoent-length: 2574

content-type: application/atomsvc+xml

The CSRF token header is missing.

Am I doing something wrong? Is the service mis-configured? What do I need to try to overcome this?

Cheers,

Tom

Accepted Solutions (1)

Former Member

Hi Thomas,

The check of the X-CSRF-Token is deactivated for that service; that's why the ICF does not create tokens. If you start transaction SICF and navigate to your service node, view the service details and press the button "GUI configuration" on the tab Service Data. There you can see the parameter ~CHECK_CSRF_TOKEN = 0, which means "deactivated".

Unfortunately you cannot change it by yourself. You may switch to edit mode and change the parameter, but when you try to save it, an error message will show up (that happens for my user, at least).

Official guidance is provided here:

http://help.sap.com/saphelp_nw74/helpdata/de/B3/5C22518BC72214E10000000A44176D/content.htm

Best regards,

Ringo

Former Member
0 Kudos

Hi Ringo,

Thanks for the info, it helped a lot. It looks like that service is set up in "Compatibility Mode for SP02" mode, so using 'X-Requested-With=XMLHttpRequest' allowed me to post modifying requests.

(Apologies for the ignorance on the SAP side of things, I'm not an SAP guy, just a developer trying to integrate with a client SAP system).

Cheers,

Tom
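
The client-side handling discussed in this thread, as an added example that is not part of the original posts and not SAP code: send `X-CSRF-Token: Fetch`, reuse the returned token with its session cookie when one is issued, and fall back to `X-Requested-With: XMLHttpRequest` when the service issues none. The `send` transport hook, `fake_service`, the example URL, the token and cookie values, and the 201/403 status codes are assumptions constructed so the block runs offline.

```python
from typing import Callable, Dict, List, Tuple

Pairs = List[Tuple[str, str]]
# Hypothetical transport hook: send(method, url, headers) -> (status, header pairs)
Send = Callable[[str, str, Dict[str, str]], Tuple[int, Pairs]]

def modifying_headers(send: Send, url: str, auth: str) -> Dict[str, str]:
    """Fetch a CSRF token and return the headers for a POST/PUT/DELETE."""
    status, resp = send("GET", url, {"Authorization": auth, "X-CSRF-Token": "Fetch"})
    if status != 200:
        raise RuntimeError(f"token fetch failed: HTTP {status}")
    # Header names are case-insensitive; compare lower-cased.
    token = next((v for k, v in resp if k.lower() == "x-csrf-token"), None)
    cookies = [v.split(";", 1)[0] for k, v in resp if k.lower() == "set-cookie"]
    headers = {"Authorization": auth}
    if token:
        # Token check active: send the token back with the session cookie(s).
        headers["X-CSRF-Token"] = token
        if cookies:
            headers["Cookie"] = "; ".join(cookies)
    else:
        # No token issued (~CHECK_CSRF_TOKEN = 0): the header from the thread.
        headers["X-Requested-With"] = "XMLHttpRequest"
    return headers

def fake_service(check_csrf: bool) -> Send:
    """Constructed stand-in for the gateway, for offline runs only."""
    def send(method, url, headers):
        if method == "GET":
            resp = [("content-type", "application/atomsvc+xml")]
            if check_csrf and headers.get("X-CSRF-Token") == "Fetch":
                resp += [("x-csrf-token", "constructed-token"),
                         ("set-cookie", "sid=constructed; path=/")]
            return 200, resp
        if check_csrf:
            ok = (headers.get("X-CSRF-Token") == "constructed-token"
                  and headers.get("Cookie") == "sid=constructed")
        else:
            ok = headers.get("X-Requested-With") == "XMLHttpRequest"
        return (201 if ok else 403), []
    return send

if __name__ == "__main__":
    url = "https://gateway.example/odata/SRV/"  # constructed URL
    for mode in (True, False):
        svc = fake_service(mode)
        hdrs = modifying_headers(svc, url, "Basic constructed")
        print(mode, sorted(hdrs), svc("POST", url, hdrs)[0])
```

To use it against a real system, replace `fake_service` with a `send` function built on your HTTP client of choice.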
