Skip to Content

Forbidden issue while making post call for XSJS service

Aug 25, 2017 at 11:19 PM


avatar image

Hi Team,

I did try making POST call for XSJS service, here request is failing with 403-forbidden issue, it is not the case with GET operation. Do we need any additional configuration for my service in order to enable post protocol?

FYI, am doing this through postman.

Please suggest. Thanks in advance.



10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Florian Pfeffer
Aug 26, 2017 at 04:52 AM

I assume that in your application access file (.xsaccess) the "prevent_xsrf" flag is set to true to secure your application against cross-site request-forgery attacks. In that case you need to determine a CSRF token before you do the post, to be able to pass the token in the post request header (as X-CSRF-Token).
For test reasons you can set the flag in the .xsaccess file to false, but in general it is not recommended to do that, especially if your services do write operations.

For details please check the documentation here.


10 |10000 characters needed characters left characters exceeded