on 09-25-2015 3:08 PM
Hi Experts,
I have created an xsjs to write into the tables.
I have created a simple ajax post call.
I have created this about a week ago and everything was working fine till today.
Today i am getting the error : 403 Forbidden in Chrome,
In morzilla it is giviing the error Request execution failed due to missing or invalid XSRF token
The details are as below:
I am not sure what is the reason. . . and i have not changed any system values/priviledges.
Any Idea on that ?
Hi,
if you work with Postman or with CORS mechanism, add "cors" object is your xsaccess file :
{
"exposed": true,
"authentication": {
"method": "Form"
},
"cache_control": "must-revalidate",
"cors": {
"enabled": true,
"allowMethods": [
"GET",
"POST",
"HEAD",
"OPTIONS"
],
"allowOrigin": ["*"],
"maxAge": "3600"
},
"enable_etags": false,
"force_ssl": false,
"prevent_xsrf": false
}
It works but i recommend to use a proxy like Nginx.
Best Regards
Houssem
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Pinaki
I have the same problem, did you find a solution ?
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"prevent_xsrf": false does not do the trick for me 😞
I am on HANA 9703. I simply created a totally new XSJS project "d2" with a basic (standard template) XSJS program named "std.xsjs". Next, I made the aforementioned change to .xsaccess file to reset prevent_xsrf, and activated it.
Using Postman. If I run a GET on this path (https://.../d2/std.xsjs) then I get a login form. If I run POST on this path then I get a 403. It seems bizarre.
Even more strange is that if I enable CORS while prevent_xsrf is false, I no longer get 403s. Probably because the cors setting somehow sneaks in all http methods. But I do not want to enable CORS... so it's back to square one.
Hi friend,
Please first check the prevent_xsrf keyword in the application-acess (.xsaccess) file.
If the value of prevent_xsrf keyword of is true, it can cause this problem.
the topic Cross-Site Request-Forgery Recommendation in HANA developer guide might be helpful.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.