Hello everybody,
I try to make a Post to a API URL which works perfect with Postman.
First I make the GET to Fetch the X-CSRF-Token, this works but if I try to copy this Token in the Header of the Post Request, I get a 403 Error as status_code.
I try the following Code:
REPORT YTT_TEST.
*----------------------------------------------------------------------*
*Selection-Screen
*----------------------------------------------------------------------*
PARAMETERS: p_name TYPE string DEFAULT 'TEST'.
PARAMETERS: p_pass TYPE string DEFAULT 'TEST123' LOWER CASE.
DATA lo_client TYPE REF TO if_http_client.
DATA lo_response TYPE REF TO if_rest_entity.
DATA lv_response TYPE string.
DATA lv_token TYPE string.
DATA lv_session TYPE string.
DATA lv_xcrf TYPE string.
DATA lv_http_status TYPE string.
DATA gc_content_type_form TYPE string VALUE 'application/json; charset=utf-8'.
DATA gc_url TYPE string VALUE <URL>.
*----------------------------------------------------------------------*
*At Selection Screen Output
*----------------------------------------------------------------------*
AT SELECTION-SCREEN OUTPUT.
LOOP AT SCREEN.
IF screen-name = 'P_PASS'.
screen-invisible = 1.
MODIFY SCREEN.
ENDIF.
ENDLOOP.
"======================Getting CSRF token ==========================================
START-OF-SELECTION.
cl_http_client=>create_by_url(
EXPORTING
url = gc_url
IMPORTING
client = lo_client
EXCEPTIONS
OTHERS = 4 ).
lo_client->authenticate( username = p_name
password = p_pass ).
lo_client->request->set_content_type( content_type = gc_content_type_form ).
lo_client->request->set_method( if_http_request=>co_request_method_get ).
lo_client->request->set_header_field(
EXPORTING
name = 'X-CSRF-Token' " Name of the header field
value = 'Fetch' ).
lo_client->send(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5 ).
lo_client->receive(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4 ).
lv_token = lo_client->response->get_header_field('X-CSRF-Token').
lv_session = lo_client->response->get_header_field('set-cookie').
lo_client->close( ).
FREE lo_client.
"===========================end of Getting CSRF token ====================================
"=========================validation CSRF token with Post request=========================
cl_http_client=>create_by_url(
EXPORTING
url = gc_url
IMPORTING
client = lo_client
EXCEPTIONS
OTHERS = 4 ).
lo_client->authenticate( username = p_name
password = p_pass ).
lo_client->request->set_content_type( content_type = gc_content_type_form ).
lo_client->request->set_method( if_http_request=>co_request_method_post ).
lo_client->request->set_header_field(
EXPORTING
name = 'X-CSRF-Token' " Name of the header field
value = lv_token ).
*lv_xcrf = lo_client->request->get_header_field('X-CSRF-Token' ).
lo_client->request->set_form_field(
EXPORTING
name = 'Cookie' " Name of form field
value = lv_session ).
lo_client->send(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5
).
lo_client->receive(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4 ).
lv_http_status = lo_client->response->get_header_field( '~status_code' ).
lv_response = lo_client->response->get_header_field('~status_reason' ).
lv_xcrf = lo_client->response->get_header_field('x-csrf-token' ).
WRITE 😕 'Status:', lv_http_status.
WRITE 😕 'Response:', lv_response.
WRITE 😕 'CSRF-Token:', lv_xcrf .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.