
X-CSRF Token


Hello friends,

After upgrading to SMP3 SP10 (previously it was SMP3 SP03), our web and mobile applications started to behave strangely. After debugging I found that the X-CSRF token is not coming on every call (previously the token would be coming for every call, because we have been using these apps for the last two years). After going a little deeper I found that when making the first call the X-CSRF token is coming; after that, for further calls to get the token, it is not coming in the response header for a period of time. And if I try after some time (duration - I don't know exactly), I again receive the X-CSRF token.


Our URL is calling Integration Gateway.

If I save the token in local storage and use it for the cases when the token does not come from the server, this trick also does not work every time.

So I want to ask whether it is because of the upgrade or something else. Do I need to change something in coding or configuration?

Is it the standard behavior that the server will not issue an X-CSRF token for every call, and instead issues a token for a particular time (session)? If it is standard behavior, then what points should I keep in mind while making a POST call to the server?

Is there any relationship between IAS-RS-Set-Cookie and X-CSRF-Token which I need to consider in coding?

I have gone through so many threads and documents but I'm not able to identify the root cause of the problem.

Cross-Site Request Forgery Protection - SAP Gateway Foundation (SAP_GWFND) - SAP Library

Current code -

var request = {
  headers : {
    // object that contains HTTP headers as name value pairs
    "Authorization" : "Basic " + btoa(user_name + ":" + pass_word),
    "X-CSRF-Token" : "Fetch"
  },
  requestUri : requestUri1, // OData endpoint URI
  method : "GET",
  datatype : "json"
};

OData.read(request,
  function(data, response) {
    var globalTocken;
    x_csrf_token = response.headers["X-CSRF-Token"];
    if (typeof(x_csrf_token) !== "undefined") {
      // The response carried a token: replace the saved copy
      globalTocken = x_csrf_token;
      localStorage.removeItem("savedTocken");
      localStorage.setItem("savedTocken", globalTocken);
    } else {
      // No token in this response: fall back to the saved copy
      globalTocken = localStorage.savedTocken;
      x_csrf_token = globalTocken;
    }
  }
);

Accepted Solutions (1)


bhuvneshkumar_gupta
Participant

Hello,

Try this code, it is working fine. Save the token in local memory and use it until a new token is generated by the server.

function save_all() {
  var globalTocken, X_CSRF_Token, a = {};
  a.Authorization = "Basic " + btoa("username" + ":" + "password");
  a["X-CSRF-Token"] = "fetch";
  $.ajax({
    type: "get",
    cache: false,
    url: requestUri1,
    headers: a,
    dataType: "xml",
    success: function(a, b, c) {
      if (!c.getResponseHeader("X-CSRF-Token")) {
        // No token in this response: reuse the one saved earlier
        globalTocken = localStorage.savedTocken;
        X_CSRF_Token = globalTocken;
      } else {
        // New token issued by the server: replace the saved one
        globalTocken = c.getResponseHeader("X-CSRF-Token");
        localStorage.removeItem("savedTocken");
        localStorage.setItem("savedTocken", globalTocken);
        X_CSRF_Token = globalTocken;
      }
    },
    statusCode: {
      401: function() {
        alert("User name and password is wrong");
      },
      403: function() {
        alert("error 403");
      }
    },
    error: function(a, b) {
      alert(b);
    }
  });
}
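An added example, not code from this thread or from SAP: a client that fetches the token once, reuses it for modifying calls, and refetches only when the server rejects it. It assumes the server binds the token to the session (cookies) and answers a stale token with HTTP 403 and `X-CSRF-Token: Required`; `createCsrfClient`, `createFakeGateway` and `send` are hypothetical names, and the fake gateway is a constructed stand-in so the block runs offline.

```javascript
// Added example. `send` is a hypothetical transport:
//   async ({method, url, headers, body}) => ({status, headers})
// with lower-cased response header names; it must also carry the session cookies.
function createCsrfClient(send, serviceUrl) {
  let token = null; // in memory only: the token is only good for the current session

  async function fetchToken() {
    const res = await send({ method: "GET", url: serviceUrl,
                             headers: { "X-CSRF-Token": "Fetch" } });
    token = res.headers["x-csrf-token"] || null;
    if (!token) throw new Error("server returned no X-CSRF-Token");
  }

  async function modify(method, url, body) {
    for (let attempt = 0; attempt < 2; attempt++) {
      if (!token) await fetchToken();
      const res = await send({ method, url, body, headers: { "X-CSRF-Token": token } });
      const rejected = res.status === 403 &&
        String(res.headers["x-csrf-token"] || "").toLowerCase() === "required";
      if (!rejected) return res;
      token = null; // stale token (for example a new session): fetch again, retry once
    }
    throw new Error("CSRF token still rejected after a fresh fetch");
  }
  return { modify };
}

// Constructed stand-in for the server (assumed behaviour): token bound to the session.
function createFakeGateway() {
  let session = 0, fetches = 0;
  const current = () => "tok-" + session;
  return {
    expireSession() { session++; },
    fetchCount: () => fetches,
    async send(req) {
      const sent = req.headers["X-CSRF-Token"];
      if (req.method === "GET") {
        if (sent !== "Fetch") return { status: 200, headers: {} };
        fetches++;
        return { status: 200, headers: { "x-csrf-token": current() } };
      }
      if (sent !== current()) return { status: 403, headers: { "x-csrf-token": "Required" } };
      return { status: 201, headers: {} };
    },
  };
}
```

Because the token is held in memory next to the session it belongs to, a copy left in `localStorage` from an earlier session is never replayed against a new one.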

Answers (0)