on 01-15-2021 1:51 PM
Hello everybody,
I am trying to make a POST to an API URL, which works perfectly with Postman.
First I make the GET to fetch the X-CSRF-Token. This works, but if I try to copy this token into the header of the POST request, I get a 403 error as status_code.
I tried the following code:
REPORT YTT_TEST.
*----------------------------------------------------------------------*
*Selection-Screen
*----------------------------------------------------------------------*
PARAMETERS: p_name TYPE string DEFAULT 'TEST'.
PARAMETERS: p_pass TYPE string DEFAULT 'TEST123' LOWER CASE.
DATA lo_client TYPE REF TO if_http_client.
DATA lo_response TYPE REF TO if_rest_entity.
DATA lv_response TYPE string.
DATA lv_token TYPE string.
DATA lv_session TYPE string.
DATA lv_xcrf TYPE string.
DATA lv_http_status TYPE string.
DATA gc_content_type_form TYPE string VALUE 'application/json; charset=utf-8'.
DATA gc_url TYPE string VALUE <URL>.
*----------------------------------------------------------------------*
*At Selection Screen Output
*----------------------------------------------------------------------*
AT SELECTION-SCREEN OUTPUT.
LOOP AT SCREEN.
IF screen-name = 'P_PASS'.
screen-invisible = 1.
MODIFY SCREEN.
ENDIF.
ENDLOOP.
"======================Getting CSRF token ==========================================
START-OF-SELECTION.
cl_http_client=>create_by_url(
EXPORTING
url = gc_url
IMPORTING
client = lo_client
EXCEPTIONS
OTHERS = 4 ).
lo_client->authenticate( username = p_name
password = p_pass ).
lo_client->request->set_content_type( content_type = gc_content_type_form ).
lo_client->request->set_method( if_http_request=>co_request_method_get ).
lo_client->request->set_header_field(
EXPORTING
name = 'X-CSRF-Token' " Name of the header field
value = 'Fetch' ).
lo_client->send(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5 ).
lo_client->receive(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4 ).
lv_token = lo_client->response->get_header_field('X-CSRF-Token').
lv_session = lo_client->response->get_header_field('set-cookie').
lo_client->close( ).
FREE lo_client.
"===========================end of Getting CSRF token ====================================
"=========================validation CSRF token with Post request=========================
cl_http_client=>create_by_url(
EXPORTING
url = gc_url
IMPORTING
client = lo_client
EXCEPTIONS
OTHERS = 4 ).
lo_client->authenticate( username = p_name
password = p_pass ).
lo_client->request->set_content_type( content_type = gc_content_type_form ).
lo_client->request->set_method( if_http_request=>co_request_method_post ).
lo_client->request->set_header_field(
EXPORTING
name = 'X-CSRF-Token' " Name of the header field
value = lv_token ).
*lv_xcrf = lo_client->request->get_header_field('X-CSRF-Token' ).
lo_client->request->set_form_field(
EXPORTING
name = 'Cookie' " Name of form field
value = lv_session ).
lo_client->send(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5
).
lo_client->receive(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4 ).
lv_http_status = lo_client->response->get_header_field( '~status_code' ).
lv_response = lo_client->response->get_header_field('~status_reason' ).
lv_xcrf = lo_client->response->get_header_field('x-csrf-token' ).
WRITE: / 'Status:', lv_http_status.
WRITE: / 'Response:', lv_response.
WRITE: / 'CSRF-Token:', lv_xcrf.
Hello tobias96
Here is a very similar question. The solution was to set the AcceptCookie property to enabled.
https://answers.sap.com/answers/12899029/view.html
Kind regards,
OK, now I solved it. The solution was to open the create by url only once and to authenticate myself only once.
Here is my solution:
REPORT ytt_post_req_2.
DATA lo_client TYPE REF TO if_http_client.
DATA lo_response TYPE REF TO if_rest_entity.
DATA lv_response TYPE string.
DATA lv_token TYPE string.
DATA lv_session TYPE string.
DATA lv_xcrf TYPE string.
DATA lv_http_status TYPE string.
DATA gc_content_type_form TYPE string VALUE 'application/json; charset=utf-8'.
DATA gc_url TYPE string VALUE 'URL'.
"======================Getting CSRF token ==========================================
cl_http_client=>create_by_url(
EXPORTING
url = gc_url
IMPORTING
client = lo_client
EXCEPTIONS
OTHERS = 4 ).
lo_client->request->set_content_type( content_type = gc_content_type_form ).
lo_client->request->set_method( if_http_request=>co_request_method_get ).
*lo_client->authenticate(
* EXPORTING
* username = '' " ABAP System, User Logon Name
* password = '' " Logon ID
*). " SAP System, Current Language
lo_client->propertytype_accept_cookie = if_http_client=>co_enabled.
lo_client->request->set_header_field(
EXPORTING
name = 'X-CSRF-Token' " Name of the header field
value = 'Fetch' ).
lo_client->send(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5 ).
lo_client->receive(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4 ).
lv_token = lo_client->response->get_header_field('X-CSRF-Token').
lv_session = lo_client->response->get_header_field('set-cookie').
*"===========================end of Getting CSRF token =========================================
*"=========================validation CSRF token with Post request==============================
lo_client->request->set_method( if_http_request=>co_request_method_post ).
lo_client->request->set_header_field(
EXPORTING
name = 'X-CSRF-Token' " Name of the header field
value = lv_token ).
lo_client->request->set_form_field(
EXPORTING
name = 'Cookie' " Name of form field
value = lv_session ).
lo_client->send(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5
).
lo_client->receive(
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4 ).
lv_http_status = lo_client->response->get_header_field( '~status_code' ).
lv_response = lo_client->response->get_header_field('~status_reason' ).
lv_xcrf = lo_client->response->get_header_field('x-csrf-token' ).
WRITE: / 'Status:', lv_http_status.
WRITE: / 'Response:', lv_response.
WRITE: / 'CSRF-Token:', lv_xcrf.
DATA(lv_result) = lo_client->response->get_cdata( ).
WRITE: / lv_result.
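The behaviour discussed in this thread, as an added example that is not part of the original posts and not SAP code: a small Python model of a server that ties each CSRF token to the session cookie it was issued with. The class `ToyGateway`, the cookie name `SESSIONID` and the success status 200 are constructed for illustration; the assumption is that the real server rejects a token presented on a different session, which matches the 403 in the question and the single-client, cookies-enabled fix.

```python
import secrets

class ToyGateway:
    """Constructed stand-in for a server that binds CSRF tokens to sessions."""

    def __init__(self):
        self._token_by_session = {}   # session id -> CSRF token issued for it

    def handle(self, method, headers):
        """Return (status, response_headers) for one request."""
        sid = _session_id(headers.get("Cookie", ""))
        resp = {}
        if sid not in self._token_by_session:
            # No known session cookie: the server opens a fresh session.
            sid = secrets.token_hex(8)
            self._token_by_session[sid] = secrets.token_hex(16)
            resp["Set-Cookie"] = f"SESSIONID={sid}; path=/; HttpOnly"
        expected = self._token_by_session[sid]
        if method == "GET":
            if headers.get("X-CSRF-Token") == "Fetch":
                resp["X-CSRF-Token"] = expected
            return 200, resp
        # Modifying request: token must match the one issued for THIS session.
        supplied = headers.get("X-CSRF-Token", "")
        if not secrets.compare_digest(supplied, expected):
            return 403, resp
        return 200, resp

def _session_id(cookie_header):
    """Extract the SESSIONID value from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "SESSIONID":
            return value
    return None

def fetch_then_post(gateway, reuse_session):
    """Fetch a token, then POST with or without the session cookie."""
    _, fetched = gateway.handle("GET", {"X-CSRF-Token": "Fetch"})
    post_headers = {"X-CSRF-Token": fetched["X-CSRF-Token"]}
    if reuse_session:
        # What an enabled cookie jar on the same client does automatically.
        post_headers["Cookie"] = fetched["Set-Cookie"].split(";")[0]
    status, _ = gateway.handle("POST", post_headers)
    return status

if __name__ == "__main__":
    gw = ToyGateway()
    print("token only, new session:", fetch_then_post(gw, reuse_session=False))
    print("token + session cookie :", fetch_then_post(gw, reuse_session=True))
```

When a 403 follows a successful token fetch, compare the `Cookie` header actually sent on the POST with the `set-cookie` value returned by the fetch.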