on 01-13-2015 1:08 AM
Hi,
I have successfully retrieved the "X-CSRF-Token" token value for a number of the other odata services (eg ZCD204_EPM_DEMO_SRV) on sapes1 but I'm unable to get a response that includes the cookie & header being set in the response when accessing https://sapes1.sapdevcenter.com/sap/opu/odata/sap/ZGWSAMPLE_SRV/ .
My username and password are correct, I can retrieve data in ZGWSAMPLE_SRV but when i set "X-CSRF-Token" to "Fetch" the response headers do not include a "X-CSRF-Token" entry.
Using the "REST Console" in chrome I can provide the details of a failing request.
Request Headers:
Authorization: Basic SOMEVALUE
X-CSRF-Token: Fetch
Accept: */*
Connection: keep-alive
Content-Type: application/xml
Origin: chrome-extension: //rest-console-id
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Response Headers:
Status Code: 200
server: SAP NetWeaver Application Server / ABAP 702
dataserviceversion: 2.0
ntcoent-length: 2574
content-type: application/atomsvc+xml
The CSRF token header is missing.
Am I doing something wrong? Is the service mis-configured? What do I need to try to overcome this?
Cheers,
Tom
Hi Thomas,
the check of the X-CSRF-Token is deactivated for that service, that´s why the ICF does not create tokens. If you start transaction SICF and navigate to you service node, view the service details and press button "GUI configuration" on the tab Service Data. There you can see the parameter ~CHECK_CSRF_TOKEN = 0, which means "deactivated".
Unfortunately you can not change it by yourself. You may switch to edit mode and change the parameter, but when you try to save it, an error message will show up (that happens for my user, at least).
Official guidance is provided here:
http://help.sap.com/saphelp_nw74/helpdata/de/B3/5C22518BC72214E10000000A44176D/content.htm
Best regards,
Ringo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ringo,
Thanks for the info, helped a lot, looks like that service is setup in "Compatibility Mode for SP02" mode. So using 'X-Requested-With=XMLHttpRequest' allowed me to post modifying requests.
(Apologies for the ignorance on the SAP side of things, I'm not a SAP guy, just a developer trying to integrate with a client SAP system).
Cheers,
Tom
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.