Skip to Content

Forbidden issue while making post call for XSJS service

Hi Team,

I did try making POST call for XSJS service, here request is failing with 403-forbidden issue, it is not the case with GET operation. Do we need any additional configuration for my service in order to enable post protocol?

FYI, am doing this through postman.

Please suggest. Thanks in advance.



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Aug 26, 2017 at 04:52 AM

    I assume that in your application access file (.xsaccess) the "prevent_xsrf" flag is set to true to secure your application against cross-site request-forgery attacks. In that case you need to determine a CSRF token before you do the post, to be able to pass the token in the post request header (as X-CSRF-Token).
    For test reasons you can set the flag in the .xsaccess file to false, but in general it is not recommended to do that, especially if your services do write operations.

    For details please check the documentation here.


    Add comment
    10|10000 characters needed characters exceeded