Hi,

My context is HANA Cloud Platform.

So i installed Hana test tool to used xsunit, i changed the localhost.xshttpdest to use the correct host. In this file i'm using basic authorization with my HANA user and password.

Then i coded the test as follow:

describe("Testing Suite", function() {
	it("receive message", function() {
		var requestBody = '{}';
		var headers = {
			"Content-Type": "application/json",
			"x-csrf-token": "fetch"
		};
		var response = jasmine.callHTTPService("/messages.xsjs", $.net.http.GET, requestBody, headers);
		expect(response.status).toBe($.net.http.OK);
		expect(response.headers.get("x-csrf-token")).toBeDefined();
		headers["x-csrf-token"] = response.headers.get("x-csrf-token");
		requestBody = JSON.stringify({
			"data": "data"
		});
		response = jasmine.callHTTPService("/messages.xsjs", $.net.http.POST, requestBody, headers);
		expect(response.status).toBe($.net.http.OK);
	});
});

The token fetch works, but i get a 403 for the second resquest.

With postman i have no issue.

If i deactivate prevent_xsrf in my .xsaccess file i have no issue with the post but it is not something i want to do.

What am i missing ?

Thanks for your help.