Former Member

CSRF token validation failed error

Hi,

I have my on-premise GW system connected with HCP Web IDE. I created a service in SEGW by using a DDIC structure as my entity set, and I also enhanced the DPC_EXT class by redefining the GET_ENTITYSET and GET_ENTITY methods. By using this service I created one Fiori master-detail app, but while testing it I'm getting this error: "CSRF token validation failed". Could anybody please help regarding this?

Rgds


3 Answers

  • Former Member
    Posted on Mar 22, 2016 at 03:33 AM

    Hi,

    Any update on this? Please advise.

    Rgds


    • Hi Colleagues,

      Adding these two lines to the default data model in the manifest.json file resolves the issue.

      "": {
          "dataSource": "mainService",
          "settings": {
              "metadataUrlParams": {
                  "sap-documentation": "heading"
              },
              "disableHeadRequestForToken": true,
              "useBatch": false
          }
      }

      Thank you for the advice.

  • Former Member
    Posted on Jun 14, 2016 at 11:55 PM

    If you try to POST directly, it will show this error; you first need to run a GET request to get the CSRF token (by the command "x-csrf-token" : "Fetch"), then do a POST request.

    Try this:

    // Step 1: GET with "x-csrf-token: Fetch" so the server returns a token
    OData.request({
        requestUri: urlGet,
        method: "GET",
        headers: {
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/atom+xml",
            "DataServiceVersion": "2.0",
            "x-csrf-token": "Fetch"
        }
    },
    function (insertedItem, response) {
        // Step 2: read the token from the GET response and send it with the POST
        var header_xcsrf_token = response.headers['x-csrf-token'];
        var oHeaders = {
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/atom+xml",
            "DataServiceVersion": "2.0",
            "x-csrf-token": header_xcsrf_token,
            "Accept": "application/json, application/atom+xml, application/atomsvc+xml"
        };
        OData.request({
            requestUri: urlPost,
            method: "POST",
            headers: oHeaders,
            data: data
        },
        function (data, response) {
            // SUCCESS
        },
        function (data, request) {
            // alert("error POST : " + data.response.body);
        });
    },
    function (insertedItem) {
        // The GET (token fetch) failed
        dialogBusy.close();
        alert('error Get ');
    });
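
The fetch-then-send flow from the answer above, extended to refetch the token once when the server rejects a stale one; this is an added example, not code from the thread. The `send` transport, `createCsrfClient` and `mockGateway` are hypothetical names, and the mock is a constructed stand-in for the Gateway service that models the 403 reply carrying `x-csrf-token: Required`.

```javascript
// Added example, not code from the thread. `send` is an assumed async transport:
// ({method, url, headers, body}) => ({status, headers, body}), response header names lower-cased.
function createCsrfClient(send, serviceUrl) {
  let token = null; // cached; a token is only valid for the session that fetched it

  async function fetchToken() {
    const res = await send({ method: "GET", url: serviceUrl, headers: { "x-csrf-token": "Fetch" } });
    token = res.headers["x-csrf-token"] || null;
    if (!token) throw new Error("service returned no CSRF token");
  }

  async function modify(method, url, body) {
    if (!token) await fetchToken();
    let res = await send({ method, url, body, headers: { "x-csrf-token": token } });
    // A missing or stale token is rejected with 403 and "x-csrf-token: Required"
    const hint = String(res.headers["x-csrf-token"] || "").toLowerCase();
    if (res.status === 403 && hint === "required") {
      await fetchToken();
      // Retry once only, so a permanent rejection cannot loop
      res = await send({ method, url, body, headers: { "x-csrf-token": token } });
    }
    return res;
  }
  return { modify };
}

// Constructed stand-in for the service: hands out a token on "Fetch" and
// rejects modifying requests that do not carry the current one.
function mockGateway() {
  let current = "tok-1";
  const log = [];
  async function send(req) {
    const sent = req.headers["x-csrf-token"];
    log.push(req.method + " " + (sent || "-"));
    if (req.method === "GET") {
      return { status: 200, headers: sent === "Fetch" ? { "x-csrf-token": current } : {}, body: "" };
    }
    if (sent !== current) {
      return { status: 403, headers: { "x-csrf-token": "Required" }, body: "CSRF token validation failed" };
    }
    return { status: 201, headers: {}, body: "created" };
  }
  return { send, log, expire() { current = "tok-2"; } };
}
```
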


  • Posted on Jul 22, 2016 at 08:52 PM

    The solution for me was to disable the HEAD request for the token. In the config options used when creating the OData model, add the following line:

    disableHeadRequestForToken : true

    Please tell me if it works.

    Best regards.

    Jhon Jairo.
