CSRF token validation failed for my POST Method in SAPUI5 using Eclipse?

Hi Experts,

Here I am facing an issue with creating an entry in a database table using SAPUI5 & OData. Fetching the data from the database and displaying it in our SAPUI5 application works perfectly using the OData service. For fetching I used the code below...

Output:

When I tried to create an entry by clicking the Create button, I used the code below for the Create (POST) method...

When I click the Save button, it does not trigger the jQuery.ajax line in my controller code, so it displays the else-part message.

In the DOM I got an error like: CSRF token validation failed...

I searched SCN for the above error, but found no relevant solution. If anyone has faced this kind of issue and resolved it, please guide me through the steps and show me where exactly I made the mistake.

Thanks,

Vamsi.

csrf1.jpg (34.1 kB)
csrf2.jpg (57.7 kB)
csrf3.jpg (17.6 kB)
csrf4.jpg (141.8 kB)

3 Answers

  • Apr 28, 2017 at 08:01 AM

    Hi vamsilakshman pendurti,

    You need to first fetch the X-CSRF token and then pass it with the POST request, as without X-CSRF validation the server doesn't trust the client, so it will not allow you to POST the data.

    To fetch the X-CSRF token:

    function getCSRFToken() {
        var token = null;
        $.ajax({
            url: "<your Service or metadata>",
            type: "GET",
            async: false,
            // ask the server to issue a token
            beforeSend: function(xhr) {
                xhr.setRequestHeader("X-CSRF-Token", "Fetch");
            },
            // the token comes back as a response header
            complete: function(xhr) {
                token = xhr.getResponseHeader("X-CSRF-Token");
            }
        });
        // the request is synchronous, so the token is set by now
        return token;
    }

    And then use this token and set it in the header of the POST request like this:

    xhr.setRequestHeader('X-CSRF-Token', token);

    • var token;

      $.ajax({
          url: '<<My URL>>',
          type: "GET",
          // ask the server to issue a token
          beforeSend: function(xhr) { xhr.setRequestHeader("X-CSRF-Token", "Fetch"); },
          complete: function(xhr) {
              token = xhr.getResponseHeader("X-CSRF-Token");

              // send the POST only after the token has arrived
              $.ajax({
                  type: 'POST',
                  url: '<<My URL>>',
                  dataType: "json",
                  data: JSON.stringify(oNew),
                  contentType: "application/json",
                  beforeSend: function(xhr) { xhr.setRequestHeader('X-CSRF-Token', token); },
                  success: function() {
                      sap.m.MessageToast.show("Customer Added Successfully");
                      oDialogue.close();
                      sap.ui.getCore().byId("myTable").getModel().refresh(true);
                  },
                  error: function() {
                      sap.m.MessageToast.show("Error while adding the Customer");
                      oDialogue.close();
                  }
              });
          }
      });

      thanks

      VIplove
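The fetch-then-POST handshake from the answer and comment above, as an added example that is not code from any poster in this thread. It goes one step further by caching the token and re-fetching once when the server answers 403 with `X-CSRF-Token: Required`. `makeFakeServer` and `makeCsrfClient` are hypothetical names, the server is a constructed stand-in so the block runs offline, and the explicit `Cookie` header stands in for the session cookie a browser sends automatically.

```javascript
// Constructed fake OData endpoint: issues a token per session on a "Fetch" GET
// and rejects modifying requests whose token does not match that session.
function makeFakeServer() {
  const tokens = {};                       // session cookie -> current token
  let n = 0;
  return {
    expire(cookie) { delete tokens[cookie]; },   // simulate a session timeout
    send(req) {
      const cookie = req.headers["Cookie"] || "sess-" + (++n);
      const sent = req.headers["X-CSRF-Token"];
      if (req.method === "GET") {
        const h = { "set-cookie": cookie };
        if (sent === "Fetch") h["x-csrf-token"] = tokens[cookie] = "tok-" + (++n);
        return { status: 200, headers: h };
      }
      if (!sent || tokens[cookie] !== sent)
        return { status: 403, headers: { "x-csrf-token": "Required" } };
      return { status: 201, headers: {} };
    }
  };
}

// Client: fetch the token once, reuse it, re-fetch once if the server rejects it.
function makeCsrfClient(send, serviceUrl) {
  let token = null, cookie = null;
  function fetchToken() {
    const headers = { "X-CSRF-Token": "Fetch" };
    if (cookie) headers["Cookie"] = cookie;
    const res = send({ method: "GET", url: serviceUrl, headers });
    cookie = res.headers["set-cookie"] || cookie;   // token is bound to this session
    token = res.headers["x-csrf-token"] || null;
  }
  return function post(url, body) {
    for (let attempt = 0; attempt < 2; attempt++) {
      if (!token) fetchToken();
      const res = send({ method: "POST", url, body: JSON.stringify(body),
        headers: { "X-CSRF-Token": token, "Cookie": cookie,
                   "Content-Type": "application/json" } });
      const stale = res.status === 403 &&
        String(res.headers["x-csrf-token"]).toLowerCase() === "required";
      if (!stale) return res;
      token = null;                        // stale token: fetch a fresh one and retry
    }
    return { status: 403, headers: { "x-csrf-token": "Required" } };
  };
}
```

The token and the session cookie travel together: a token fetched in one session is rejected when replayed with another session's cookie.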

  • Former Member
    Apr 28, 2017 at 09:30 AM

    csrfToken : function(th) {
        var that = this;
        var a = "any entity set url or service url";
        var f = {
            headers : {
                "X-Requested-With" : "XMLHttpRequest",
                "Content-Type" : "application/atom+xml",
                DataServiceVersion : "2.0",
                "X-CSRF-Token" : "Fetch"
            },
            requestUri : a,
            method : "GET"
        };
        OData.request(f, function(data, oSuccess) {
            this.ViewThis.oToken = oSuccess.headers['x-csrf-token'];
        });
    },

  • Apr 28, 2017 at 12:00 PM

    Why use jQuery.ajax... you are looking for trouble...