on 06-13-2016 7:46 AM
Hello friends,
After upgrading to SMP3 SP10 (previously it was SMP3 SP03), our web and mobile applications started to behave strangely. After debugging I found that the X-CSRF token is not coming on every call (previously the token would come for every call; we have been using these apps for the last two years). After going a little deeper I found that while making the first call the X-CSRF token is coming, but for further calls to get the token it is not coming in the response header for a period of time. And if I try after some time (duration: I don't know exactly), I receive the X-CSRF token again.
Our URL is calling Integration Gateway.
If I save the token in local storage and use it in the cases when the token does not come from the server, this trick is also not working every time.
So I want to ask: is it because of the upgrade or something else? Do I need to change something in coding or configuration?
Is it the standard behavior that the server will not issue an X-CSRF token for every call, and instead issues a token for a particular time (session)? If it is standard behavior, then what points should I keep in mind while making a POST call to the server?
Is there any relationship between IAS-RS-Set-Cookie and X-CSRF-Token which I need to consider in coding?
I have gone through so many threads and documents but I'm not able to identify the root cause of the problem.
Cross-Site Request Forgery Protection - SAP Gateway Foundation (SAP_GWFND) - SAP Library
Current code -

```javascript
var request = {
    headers : {
        // object that contains HTTP headers as name value pairs
        "Authorization" : "Basic " + btoa(user_name + ":" + pass_word),
        "X-CSRF-Token" : "Fetch"
    },
    requestUri : requestUri1, // OData endpoint URI
    method : "GET",
    datatype : "json"
};
OData.read(request,
    function(data, response) {
        var globalTocken;
        x_csrf_token = response.headers["X-CSRF-Token"];
        if (typeof(x_csrf_token) !== "undefined") {
            // Server issued a token in this response: save it for later calls
            globalTocken = x_csrf_token;
            localStorage.removeItem("savedTocken");
            localStorage.setItem("savedTocken", globalTocken);
        } else {
            // No token in this response: fall back to the saved one
            globalTocken = localStorage.savedTocken;
            x_csrf_token = globalTocken;
        }
    }
);
```
Hello,
Try this code, it is working fine. Save the token in local memory and use it until a new token is generated by the server.
```javascript
function save_all() {
    var globalTocken, X_CSRF_Token, a = {};
    a.Authorization = "Basic " + btoa("username" + ":" + "password");
    a["X-CSRF-Token"] = "fetch";
    $.ajax({
        type: "get",
        cache: false,
        url: requestUri1,
        headers: a,
        dataType: "xml",
        success: function(a, b, c) {
            if (!c.getResponseHeader("X-CSRF-Token")) {
                // No token in this response: reuse the saved one
                globalTocken = localStorage.savedTocken;
                X_CSRF_Token = globalTocken;
            } else {
                // New token issued: replace the saved one
                globalTocken = c.getResponseHeader("X-CSRF-Token");
                localStorage.removeItem("savedTocken");
                localStorage.setItem("savedTocken", globalTocken);
                X_CSRF_Token = globalTocken;
            }
        },
        statusCode: {
            401: function() {
                alert("User name and password is wrong");
            },
            403: function() {
                alert("error 403");
            }
        },
        error: function(a, b) {
            alert(b);
        }
    });
}
```
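The token handling discussed in this thread, as an added example that is not part of the original posts: fetch the token once, keep it in memory for the session, and fetch a new one only when a modifying call is rejected. The `send` transport, the fake server, the sample URLs and the rejection signal (HTTP 403 with `X-CSRF-Token: Required`) are assumptions of this example.

```javascript
// Added example, not code from the thread. `send` is a hypothetical transport:
// send({method, url, headers, body}) resolves to {status, headers}, with
// response header names lower-cased. Authentication is left to the transport.
function createCsrfClient(send, serviceUrl) {
  let token = null; // held in memory only, for the current server session

  async function fetchToken() {
    const res = await send({ method: "GET", url: serviceUrl,
                             headers: { "X-CSRF-Token": "Fetch" } });
    token = res.headers["x-csrf-token"] || null;
    if (!token) throw new Error("server did not issue an X-CSRF-Token");
  }

  async function modify(method, url, body) {
    if (!token) await fetchToken(); // first modifying call of the session
    const attempt = () =>
      send({ method, url, body, headers: { "X-CSRF-Token": token } });
    let res = await attempt();
    // Assumed rejection signal: 403 with response header X-CSRF-Token: Required.
    const rejected = res.status === 403 &&
      String(res.headers["x-csrf-token"] || "").toLowerCase() === "required";
    if (rejected) {
      await fetchToken(); // stale token: get a new one and retry once
      res = await attempt();
    }
    return res;
  }
  return { modify };
}

// Constructed stand-in for the server so the example runs offline.
function createFakeServer() {
  const state = { valid: null, issued: 0, log: [] };
  async function send(req) {
    state.log.push(req.method);
    if (req.method === "GET") { // token fetch: issue a new token
      state.valid = "tok-" + (++state.issued);
      return { status: 200, headers: { "x-csrf-token": state.valid } };
    }
    return req.headers["X-CSRF-Token"] === state.valid
      ? { status: 201, headers: {} }
      : { status: 403, headers: { "x-csrf-token": "Required" } };
  }
  return { send, state };
}
```

A single retry keeps a persistently failing call from looping; a second 403 is returned to the caller as-is.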