Skip to Content
0
Jul 12 at 11:53 AM

AppGyver BTP Authentication, CSRF token error with Create record

569 Views Last edit Jul 13 at 09:35 AM 3 rev

Hi SAP AppGyver team,

My Appgyver app is using BTP authentication to fetch OData(user info) from backend BTP ABAP Environment. The destination setup is done correctly in the BTP and the app is succesfully fetching the user info and displaying it as list.

Now, I've added user creation page and when the app calls "Create record" flow function for the OData, it returns "CSRF token validation failed" in the browser.

My OData accepts POST method to update the backend data source and I've tested it in the BTP ABAP environment, so it shouldn't be the problem of OData itself.

So is there a missing setting on my end in AppGyver or BTP destination?

Below are the screenshots for reference.

"Create record" and C_USER is the OData connected by BTP authentication. Data to be created are passed in "Record" property.screenshot1.png

When I preview the app in web and push the button to trigger "Create record", it returns 403 POST error. In the response header, "x-csrf-token" is set to "Required". I think the correct way is for AppGyver to call HEAD or GET method of the ODATA and fetch the csrf-token and then finally call the POST method to perform the "Create record". I have feeling that AppGyver is not feetching csrf-token before hand..

screenshot2.png

The returned response is "CSRF token validation failed".

screenshot3.png

Thanks in advance!

Attachments

screenshot1.png (39.8 kB)
screenshot2.png (43.8 kB)
screenshot3.png (5.8 kB)