CSRF token validation failed error

Former Member
0 Kudos

Hi,

I have my on-premise GW system connected with HCP Web IDE. I created a service in SEGW by using a DDIC structure as my entity set, and I also enhanced the DPC_EXT class by redefining the GET_ENTITYSET and GET_ENTITY methods. Using this service I created one Fiori master-detail app, but while testing it I'm getting this error: "CSRF token validation failed". Could anybody please help with this?

Rgds

Accepted Solutions (0)

Answers (3)

former_member187007
Active Participant
0 Kudos

The solution for me was to disable the HEAD request for the token. In the config options used when creating the OData model, add the following line:

disableHeadRequestForToken : true

Please tell me if it works.

Best regards.

Jhon Jairo.

Former Member
0 Kudos

If you try to POST directly, it will show this error. You first need to run a GET request to get the CSRF token (by sending "x-csrf-token" : "Fetch"), then do a POST request.

Try this:

// Step 1: GET with "x-csrf-token: Fetch" so the server returns a token
OData.request({
        requestUri: urlGet,
        method: "GET",
        headers: {
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/atom+xml",
            "DataServiceVersion": "2.0",
            "x-csrf-token": "Fetch"
        }
    },
    function (insertedItem, response) {
        // Step 2: read the token from the GET response and send it with the POST
        var header_xcsrf_token = response.headers['x-csrf-token'];
        var oHeaders = {
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/atom+xml",
            "DataServiceVersion": "2.0",
            "x-csrf-token": header_xcsrf_token,
            "Accept": "application/json, application/atom+xml, application/atomsvc+xml"
        };
        OData.request({
                requestUri: urlPost,
                method: "POST",
                headers: oHeaders,
                data: data
            },
            function (data, response) {
                // SUCCESS
            },
            function (data, request) {
                // alert("error POST : " + data.response.body);
            });
    },
    function (insertedItem) {
        // The token fetch (GET) itself failed
        dialogBusy.close();
        alert('error Get ');
    });
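The fetch-then-POST handshake from the answer above, as an added example that is not part of the original thread. `mockGateway` and `csrfClient` are hypothetical names; the mock is a constructed, synchronous stand-in that assumes the server ties the token to the session cookie and answers a bad token with 403 and `x-csrf-token: Required`. It shows why a direct POST fails and how a client can recover once from an expired token.

```javascript
// Constructed in-memory stand-in for the server's token check (not SAP code).
function mockGateway() {
  let seq = 0;
  const sessions = {};            // session cookie -> currently valid token
  const log = [];                 // "METHOD status" per request, for inspection
  function send(req) {
    const h = req.headers || {};
    const sid = h["cookie"] || "sid-" + (++seq);
    let res;
    if (req.method === "GET" || req.method === "HEAD") {
      res = { status: 200, headers: { "set-cookie": sid } };
      if (String(h["x-csrf-token"]).toLowerCase() === "fetch") {
        sessions[sid] = "tok-" + (++seq);
        res.headers["x-csrf-token"] = sessions[sid];
      }
    } else if (h["x-csrf-token"] && sessions[sid] === h["x-csrf-token"]) {
      res = { status: 201, headers: {} };
    } else {
      // Missing, stale, or wrong-session token: the error from this thread
      res = { status: 403, headers: { "x-csrf-token": "Required" }, body: "CSRF token validation failed" };
    }
    log.push(req.method + " " + res.status);
    return res;
  }
  return { send, log, expire: () => { for (const k in sessions) delete sessions[k]; } };
}
// Client: fetch a token lazily, send it with the session cookie, refetch once if rejected.
function csrfClient(send, serviceUrl) {
  let token = null, cookie = null;
  function fetchToken() {
    const headers = { "x-csrf-token": "Fetch" };
    if (cookie) headers["cookie"] = cookie;
    const res = send({ method: "GET", url: serviceUrl, headers });
    cookie = res.headers["set-cookie"] || cookie;
    token = res.headers["x-csrf-token"] || null;
  }
  function post(url, body) {
    for (let attempt = 0; attempt < 2; attempt++) {
      if (!token) fetchToken();
      const res = send({ method: "POST", url, body,
        headers: { "x-csrf-token": token, "cookie": cookie } });
      const rejected = res.status === 403 && res.headers["x-csrf-token"] === "Required";
      if (!rejected) return res;
      token = null;   // drop the stale token and retry once
    }
    return { status: 403, headers: {}, body: "CSRF token validation failed" };
  }
  return { post };
}
```

The retry is capped at one refetch so that a request the server keeps rejecting surfaces as a 403 instead of looping.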

Former Member
0 Kudos

Hi,

Any update on this? Please advise.

Rgds

former_member187007
Active Participant
0 Kudos

Hello,

Did you find any explanation and solution for this? I'm troubleshooting this too. I even tested my OData service from the URL of HANA Cloud Platform and it works well (with $metadata).

Thanks.

Regards.

Jhon Jairo.

0 Kudos

Hello,

I am experiencing the same issue.

On-premise GW system.

Service /sap/opu/odata/iwbep/gwdemo/

When using the simplest wizard for the SAP Fiori Worklist Application, on the Data Connection step, I can test and even browse the tables (sets) via the 'Show Details' button.

But when I then immediately run the newly created application, it shows error 403 - 'CSRF token validation failed' after a minute of delay.

In the GW system log I can see that the request was received and the GW system decides to forbid the request.

Please advise.

0 Kudos

Hi Colleagues,

Adding these two lines to the default data model in the manifest.json file resolves the issue.

"": {
    "dataSource": "mainService",
    "settings": {
        "metadataUrlParams": {
            "sap-documentation": "heading"
        },
        "disableHeadRequestForToken": true,
        "useBatch": false
    }
}

Thank you for the advice.