How do I set the X-CSRF-Token correctly in an Alexa POST Request to SAP HANA? (403 error)

Former Member
0 Kudos

Hello community,

I have a problem with the X-CSRF-Token validation with regard to an HTTPS POST request. The request comes from a Lambda function triggered by an Amazon Alexa skill and is sent to an XSOData file running on the SAP Cloud Platform in an SAP HANA database. I use JavaScript/Node.js.

A valid token is set in the request header (see code in the first picture below), but the response header shows "required" for the x-csrf-token (see code in the second picture below). So there is an error with the validation. The same POST request works correctly with Postman, but when I try it via a JS file as a Lambda function (in the first picture) this error occurs with HTTP status code 403 (see code in the second picture below). The POST request itself does work, but the token validation does not. GET requests work fine.


Does anybody know a possible solution?

Thank you very much!

Accepted Solutions (0)

Answers (1)


0 Kudos

Hi Jon,

This might be caused by various things:

1) You're sending the user's credentials as a base64-encoded string in the Authorization header. Make sure the user has the rights to access the XS service.

2) Check the .xsaccess file. Do you allow POST requests? (see https://help.sap.com/doc/400066065a1b46cf91df0ab436404ddc/2.0.02/en-US/a9fc5c220d744180850996e2f5d34... chapter "cors")

For me this cors config works fine:

"cors":{"enabled":true,"allowMethods": ["GET","POST","HEAD","OPTIONS"],"allowOrigin": ["*"], "maxAge":"3600"}

3) Cross-site request forgery tokens have a limited lifetime. Try to generate a new token for every request. Maybe you can translate this JavaScript code into the right AWS Lambda function code. If nested requests are not an option, try to call the service synchronously.

$.ajax({
	type: 'GET',
	url: sUrl,
	headers: {
		"X-CSRF-Token" : "Fetch"	// ask the XS server to issue a token
	},
	success: function(oData, textStatus, request) {
		// the token comes back in the response header of the fetch request
		var sToken = request.getResponseHeader('X-CSRF-Token');
		$.ajax({
			type:'POST',
			url: sUrl,
			headers: {
				"X-CSRF-Token" : sToken	// send the freshly fetched token with the POST
			},
			success: function(oData) {
				alert(oData);
			}
		});
	}
});

Best regards
Daniel

Former Member
0 Kudos

Hi Daniel,

Sorry for the late response.

I have already tried out your options, but unfortunately this does not solve the problem.

Nevertheless, thank you very much for your answer and your help!

BR