cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CSRF token validation failed in request to CDS Annotation-Generated OData Webservice

Former Member

on ‎02-01-2018 1:45 PM

0 Kudos

Hi,

I am currently trying to build a test SAPUI5 application on a SAP Netweaver 751 Application Server.

The data to be displayed in the application is retrieved via an OData Webservice generated with the help of annotation "@OData.publish:true" in a CDS View.

The actual display is done in a SAPUI5 application, in a SmartTable.
The definition of the SmartTable looks like this:

<smartTable:SmartTable 
   id="LineItemsSmartTable" 
   entitySet="ZPS_CDS_SFLIGHT" 
   initiallyVisibleFields="carrid,connid,fldate,price,currency"
   requestAtLeastFields="carrid,connid,fldate,price,currency"
   tableType="Table" 
   useExportToExcel="true" 
   useVariantManagement="false" 
   useTablePersonalisation="true" 
   header="Line Items" 
   showRowCount="true" 
   enableAutoBinding="true" 
   class="sapUiResponsiveContentPadding">


	<smartTable:layoutData>
			<FlexItemData growFactor="1" baseSize="0%"/>
	</smartTable:layoutData>


</smartTable:SmartTable>

Now in the view's controller, I'm instantiating and setting an OData model as follows:

onInit: function() {
   var oModel, oView;	
   oModel = new sap.ui.model.odata.v2.ODataModel("/sap/opu/odata/sap/ZPS_CDS_SFLIGHT_CDS", false);	
	
   oView = this.getView();
   oView.setModel(oModel);		
}

Now, when I run the SAPUI5 application (after deployment on the Application Server), I get the following response back:

Looking at the actual POST request, I notice that they fail with the message "CSRF token validation failed".

At a closer look into the actual POST request, I see that the 2 requests are done with two different CSRF tokens generated by preceding HEAD requests:

Any ideas why is this happening? I would normally expect that a single CSRF token is used throughout the session.

In this particular scenario I have no access to the POST requests as they are done, I assume, by the SmartTable.

Thank you in advance!

sepo

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎02-07-2018 1:39 PM

Hi,

I wasn't able to find an explanation to the fact that two consecutive batch requests are posted with different CSFR tokens, but I managed to find a workaround: disable the use of batch requests in the OData model by setting

oModel.setUseBatch(false);

Cheers,
sepo

Show replies
Show replies
former_member423301
Explorer
‎05-11-2022 5:28 PM
0 Kudos

After many hours of troubleshooting this also worked for me.

It doasen't really make any sense to me as to why or how.

but a big thank you to you regardless.

Cheers,

Brendan

former_member247105
Explorer
‎03-10-2020 8:15 PM
0 Kudos

Hi! anyone found a soluction to this? I am having the same problem using a CDS view with @Data.publish

Show replies
Show replies
Ask a Question