on 05-31-2012 1:50 PM
Hi,
I am trying to read the X-CSRF-Token from GW read service without success. Any idea? As far as I know sap.ui.model.odata.ODataModel does not have the provision to pass the header data. So I tried with OData from datajs library, but the response header is always blank. I am able to get the X-CSRF-Token when I run the service uisng firefox REST client.
Here is the code I am using.
headers:
{
"Content-Type": "application/x-www-form-urlencoded",
"X-CSRF-Token":"Fetch"
}
Thanks
Abhilash
Hi Abhilash
I dont have the latest version of Gateway and from your question I am not sure what format you are requesting, but on the previous version to do an xml POST looks like.
var request =
{ headers: {"X-Requested-With": "XMLHttpRequest",
"Accept": "application/atom+xml,application/atomsvc+xml,application/xml",
"Content-Type": "application/atom+xml",
"DataServiceVersion": "2.0" },
requestUri: serviceURI,
method: "POST",
user: "developer",
password: "ch4ngeme",
data: contactEntry };
//The post request, passing the callback function
OData.request( request,
function (data) { //Success Callback
sap.ui.commons.MessageBox.show("New contact saved successfully.", sap.ui.commons.MessageBox.Icon.SUCCESS,
"Contact Saved", sap.ui.commons.MessageBox.Action.OK);
},
function (err) {
//Error Callback:
..
}
)
I believe to retrieve the CSRF token you have to do a GET first and for this would assume you use
Content-Type: application/atom+xml
Then once you have the token in the POST replace the header value pair "X-Requested-With": "XMLHttpRequest" for the X-CSRF-Token pair
hope it helps
Cheers JSP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi John,
Thanks for your reply. I tried this option as well, but every time after GET method the OData service is not returning X-CSRF-Token header value.
In order to call a GW service with POST method we need to pass X-CSRF-Token, but to get the CSRF Token I am calling same service with GET method with Header 'X-CSRF-Token : Fetch' but the response never had the X-CSRF-Token value. If I run the same service with mozilla REST client, I am able to get the X-CSRF-Token value. Not sure what is going wrong. Here is the code I am using:
OData.request
({
requestUri: "http://host:8000/sap/opu/odata/sap/servicename/XXCollection('input')",
method: "GET",
headers:
{
"X-Requested-With": "XMLHttpRequest",
"Accept": "application/atom+xml,application/atomsvc+xml,application/xml",
"Content-Type": "application/atom+xml",
"DataServiceVersion": "2.0",
"X-CSRF-Token":"Fetch"
}
},
function (data, request)
{
var dataString;
var counter = 0;
$("<div>Returned data " + window.JSON.stringify(request.headers) +" "+request.headers["X-CSRF-Token"]+ "</div>").appendTo($("#MessageDiv"));
},
function (err)
{
var request = err.request; // the request that was sent.
var response = err.response; // the response that was received.
alert("Error in Get -- Request "+request+" Response "+response);
}
);
Thanks
Abhilash
Hello Abhilash,
Did you validate that the response header is missing with a tool like httpWatch or fiddler? Or via the developer tools build in the browser you are using? I'm just asking since you say that it works with the REST client but not in javascript. It might be related to the same origin policy implementation of the browser you are using. Can you access any other fields from request.header?
Kind regards,
Thorsten
Hey Abhilash,
i also tried to send a "POST" with RESTclient to GW SP03 with OData but get the following error:
The Data Services Request contains SystemQueryOptions that are not allowed for this Request Type
I have fetched my X-CSRF-Token with a GET and send it with post and the header parameter
Content-Type = Application/atom+xml
to the GW system.
I it also tried to add
X-Requested-With = XMLHttpRequest
but also doesn't work.
What is wrong?
Thank you very much!
Best regards,
Ludwig
EDIT
Problem solved.
You are not allowed to pass any parameter in the URL. I have called the URL with "/?$format=xml" in the GET and don't delete this with the POST.
You have to use
Content-Type = Application/atom+xml
X-CSRF-Token = yourToken
And it's working
Message was edited by: Ludwig Heinz
Hi Thorsten & Ludwig,
Thanks for your inputs.
After several attempts I got the solution. Here is the way to read the x-csrf-token.
OData.request
({
requestUri: "http://gwserver:8000/sap/opu/odata/sap/Z_UI5_USER_MAINT_CM/z_ui5_user_maintCollection('AGAMPA')",
method: "GET",
headers:
{
"X-Requested-With": "XMLHttpRequest",
"Content-Type": "application/atom+xml",
"DataServiceVersion": "2.0",
"X-CSRF-Token":"Fetch"
}
},
function (data, response)
{
var header_xcsrf_token = response.headers['x-csrf-token'];
}
);}
Is the request method the same as the read method? Can't find it in the OModel Docu: OpenUI5 SDK - Demo Kit
Hi Abhilash,
I am able to fetch the token number from the HTML application deployed on Tomcat of my machine.
When the same application is deployed on another Tomcat, the Success code is OK but the token number is always blank.
What could be the issue here?
I tried with datajs and ajax, but nothing happened.
Any help would be appreciated.
Thanks,
Priya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I am using JSON model in my application. When I am applying the above code for Odata model, it's working fine.But in JSON model I am getting the following error.
CX_SXML_PARSE_ERROR/001560AA0E081DEB8CA398CC1690D406
Error while parsing an XML stream206B32E3A013F1A29B1D20CF30C48576
How to pass the CSRF token through GET request and how to get that token in POST request in jSON model to do create Opearation.
Please follow the below thread for more details
http://scn.sap.com/thread/3437139
Please help me to solve this issue.
Thanks&Regards
Sridevi.G
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.