
CSRF token validation failed in request to CDS Annotation-Generated OData Webservice

Feb 01 at 01:45 PM


Hi,

I am currently trying to build a test SAPUI5 application on an SAP NetWeaver 751 Application Server.

The data to be displayed in the application is retrieved via an OData Webservice generated with the help of annotation "@OData.publish:true" in a CDS View.

The actual display is done in a SAPUI5 application, in a SmartTable.
The definition of the SmartTable looks like this:

<smartTable:SmartTable
   id="LineItemsSmartTable"
   entitySet="ZPS_CDS_SFLIGHT"
   initiallyVisibleFields="carrid,connid,fldate,price,currency"
   requestAtLeastFields="carrid,connid,fldate,price,currency"
   tableType="Table"
   useExportToExcel="true"
   useVariantManagement="false"
   useTablePersonalisation="true"
   header="Line Items"
   showRowCount="true"
   enableAutoBinding="true"
   class="sapUiResponsiveContentPadding">
   <smartTable:layoutData>
      <FlexItemData growFactor="1" baseSize="0%"/>
   </smartTable:layoutData>
</smartTable:SmartTable>

Now in the view's controller, I'm instantiating and setting an OData model as follows:

onInit: function() {
   var oModel, oView;
   oModel = new sap.ui.model.odata.v2.ODataModel("/sap/opu/odata/sap/ZPS_CDS_SFLIGHT_CDS", false);

   oView = this.getView();
   oView.setModel(oModel);
}

Now, when I run the SAPUI5 application (after deployment on the Application Server), I get the following response back:

Looking at the actual POST requests, I notice that they fail with the message "CSRF token validation failed".

Taking a closer look at the actual POST requests, I see that the 2 requests are sent with two different CSRF tokens generated by preceding HEAD requests:

Any ideas why this is happening? I would normally expect that a single CSRF token is used throughout the session.

In this particular scenario I have no access to the POST requests as they are done, I assume, by the SmartTable.

Thank you in advance!

sepo

scr01.png (3.3 kB)
scr02.png (9.6 kB)

1 Answer

se po Feb 07 at 01:39 PM

Hi,

I wasn't able to find an explanation for the fact that two consecutive batch requests are posted with different CSRF tokens, but I managed to find a workaround: disable the use of batch requests in the OData model by setting

oModel.setUseBatch(false);

Cheers,
sepo
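
One way to check a captured browser trace for the situation described in this thread (several token fetches followed by $batch POSTs), as an added example that is not part of the original posts. It assumes the server ties each CSRF token to the session in which it was fetched; the trace entries, their field names, and the token and session values are constructed for illustration.

```javascript
// Added example. Trace entries, field names, tokens and session ids are constructed.
const SERVICE = "/sap/opu/odata/sap/ZPS_CDS_SFLIGHT_CDS";
const MODIFYING = new Set(["POST", "PUT", "PATCH", "MERGE", "DELETE"]);

// One entry per request/response pair, as read from the browser's network tab:
//   sessionSent = session cookie value sent, sessionSet = value set by the response,
//   tokenSent   = X-CSRF-Token request header, tokenIssued = X-CSRF-Token response header.
const sampleTrace = [
  { method: "HEAD", url: SERVICE + "/", sessionSent: null, tokenSent: "Fetch", tokenIssued: "tokA", sessionSet: "sess1" },
  { method: "HEAD", url: SERVICE + "/", sessionSent: null, tokenSent: "Fetch", tokenIssued: "tokB", sessionSet: "sess2" },
  { method: "POST", url: SERVICE + "/$batch", sessionSent: "sess2", tokenSent: "tokA" },
  { method: "POST", url: SERVICE + "/$batch", sessionSent: "sess2", tokenSent: "tokB" },
];

// Replays the trace and, for every modifying request, reports whether the token it
// carried was issued in the same session the request was sent in.
function auditCsrfTrace(trace) {
  const issuedIn = new Map(); // token -> session in which it was issued
  const findings = [];
  for (const [index, r] of trace.entries()) {
    // Session in effect for this exchange: the one the response set, else the one sent.
    const session = r.sessionSet || r.sessionSent || null;
    if (r.tokenSent && r.tokenSent.toLowerCase() === "fetch") {
      if (r.tokenIssued) issuedIn.set(r.tokenIssued, session);
      continue;
    }
    if (!MODIFYING.has(r.method)) continue;
    let verdict;
    if (!r.tokenSent) verdict = "no-token";
    else if (!issuedIn.has(r.tokenSent)) verdict = "unknown-token";
    else if (issuedIn.get(r.tokenSent) !== r.sessionSent) verdict = "token-from-other-session";
    else verdict = "ok";
    findings.push({ index, url: r.url, verdict });
  }
  return { distinctTokens: issuedIn.size, findings };
}

console.log(JSON.stringify(auditCsrfTrace(sampleTrace), null, 2));
```

A `token-from-other-session` verdict means the session cookie changed between the token fetch and the POST that used the token, so the cookie handling of the HEAD requests is the place to look.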
