How to fetch X-CSRF-Token

former_member182294
Active Contributor
0 Kudos

Hi,

I am trying to read the X-CSRF-Token from a GW read service without success. Any idea? As far as I know, sap.ui.model.odata.ODataModel does not have the provision to pass the header data. So I tried with OData from the datajs library, but the response header is always blank. I am able to get the X-CSRF-Token when I run the service using the Firefox REST client.

Here is the code I am using.

headers:
{
    "Content-Type": "application/x-www-form-urlencoded",
    "X-CSRF-Token": "Fetch"
}

Thanks

Abhilash

Accepted Solutions (1)

former_member182048
Active Contributor
0 Kudos

Hi Abhilash

I don't have the latest version of Gateway, and from your question I am not sure what format you are requesting, but on the previous version an XML POST looks like this.

var request = {
    headers: {
        "X-Requested-With": "XMLHttpRequest",
        "Accept": "application/atom+xml,application/atomsvc+xml,application/xml",
        "Content-Type": "application/atom+xml",
        "DataServiceVersion": "2.0"
    },
    requestUri: serviceURI,   // URI of the collection, defined elsewhere
    method: "POST",
    user: "developer",
    password: "ch4ngeme",
    data: contactEntry        // entry payload, defined elsewhere
};

// The POST request, passing the callback functions
OData.request(request,
    function (data) { // Success callback
        sap.ui.commons.MessageBox.show("New contact saved successfully.",
            sap.ui.commons.MessageBox.Icon.SUCCESS,
            "Contact Saved", sap.ui.commons.MessageBox.Action.OK);
    },
    function (err) {
        // Error callback:
        // ..
    }
);

I believe that to retrieve the CSRF token you have to do a GET first, and for this I would assume you use

Content-Type: application/atom+xml

Then, once you have the token, in the POST replace the header value pair "X-Requested-With": "XMLHttpRequest" with the X-CSRF-Token pair.

hope it helps

Cheers JSP

former_member182294
Active Contributor
0 Kudos

Hi John,

Thanks for your reply. I tried this option as well, but every time after GET method the OData service is not returning X-CSRF-Token header value.

In order to call a GW service with POST method we need to pass X-CSRF-Token, but to get the CSRF Token I am calling same service with GET method with Header 'X-CSRF-Token : Fetch' but the response never had the X-CSRF-Token value. If I run the same service with mozilla REST client, I am able to get the X-CSRF-Token value. Not sure what is going wrong. Here is the code I am using:

OData.request(
    {
        requestUri: "http://host:8000/sap/opu/odata/sap/servicename/XXCollection('input')",
        method: "GET",
        headers: {
            "X-Requested-With": "XMLHttpRequest",
            "Accept": "application/atom+xml,application/atomsvc+xml,application/xml",
            "Content-Type": "application/atom+xml",
            "DataServiceVersion": "2.0",
            "X-CSRF-Token": "Fetch"
        }
    },
    function (data, request) {
        var dataString;
        var counter = 0;

        $("<div>Returned data " + window.JSON.stringify(request.headers) + " " + request.headers["X-CSRF-Token"] + "</div>").appendTo($("#MessageDiv"));
    },
    function (err) {
        var request = err.request; // the request that was sent.
        var response = err.response; // the response that was received.
        alert("Error in Get -- Request " + request + " Response " + response);
    }
);

 

Thanks

Abhilash

former_member298677
Discoverer
0 Kudos

Hello Abhilash,

Did you validate that the response header is missing with a tool like HttpWatch or Fiddler? Or via the developer tools built into the browser you are using? I'm just asking since you say that it works with the REST client but not in JavaScript. It might be related to the same origin policy implementation of the browser you are using. Can you access any other fields from request.header?

Kind regards,

Thorsten

Former Member
0 Kudos

Hey Abhilash,

I also tried to send a "POST" with RESTclient to GW SP03 with OData but get the following error:

The Data Services Request contains SystemQueryOptions that are not allowed for this Request Type

I have fetched my X-CSRF-Token with a GET and sent it with the POST and the header parameter

Content-Type = Application/atom+xml

to the GW system.

I also tried to add

X-Requested-With = XMLHttpRequest

but also doesn't work.

What is wrong?

Thank you very much!

Best regards,

Ludwig

EDIT

Problem solved.

You are not allowed to pass any parameter in the URL. I had called the URL with "/?$format=xml" in the GET and didn't delete this with the POST.

You have to use

Content-Type = Application/atom+xml

X-CSRF-Token = yourToken

And it's working

Message was edited by: Ludwig Heinz

former_member182294
Active Contributor
0 Kudos

Hi Thorsten & Ludwig,

Thanks for your inputs.

After several attempts I got the solution. Here is the way to read the x-csrf-token.

OData.request(
    {
        requestUri: "http://gwserver:8000/sap/opu/odata/sap/Z_UI5_USER_MAINT_CM/z_ui5_user_maintCollection('AGAMPA')",
        method: "GET",
        headers: {
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/atom+xml",
            "DataServiceVersion": "2.0",
            "X-CSRF-Token": "Fetch"
        }
    },
    function (data, response) {
        // The token is read from the response headers under the lower-case name
        var header_xcsrf_token = response.headers['x-csrf-token'];
    }
);
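
Added example (not part of any post in this thread, and not SAP or datajs code): the fetch-then-POST sequence the posters arrived at, with the token read case-insensitively from the GET response and the query string dropped before the POST. The helper names and the fake gateway standing in for OData.request are assumptions made for illustration.

```javascript
// Added example: helper names and the fake gateway are hypothetical.
// Header names may arrive as "X-CSRF-Token" or "x-csrf-token"; match either.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === wanted);
  return key === undefined ? undefined : headers[key];
}

// Remove query options such as "?$format=xml" before the POST.
function stripQuery(uri) {
  const i = uri.indexOf("?");
  return i === -1 ? uri : uri.slice(0, i);
}

// odataRequest has the shape of OData.request(request, success, error).
function fetchTokenThenPost(odataRequest, readUri, collectionUri, entry, done) {
  odataRequest({
    requestUri: readUri,
    method: "GET",
    headers: { "X-Requested-With": "XMLHttpRequest", "DataServiceVersion": "2.0",
               "X-CSRF-Token": "Fetch" }
  }, function (data, response) {
    const token = getHeader(response.headers, "X-CSRF-Token");
    if (!token) return done(new Error("GET response carried no X-CSRF-Token"));
    odataRequest({
      requestUri: stripQuery(collectionUri),
      method: "POST",
      headers: { "Content-Type": "application/atom+xml", "DataServiceVersion": "2.0",
                 "X-CSRF-Token": token },
      data: entry
    }, function (created) { done(null, created); }, done);
  }, done);
}

// Constructed stand-in for a Gateway service so the flow runs offline.
function makeFakeGateway(headerName) {
  function request(req, success, error) {
    request.seen.push(req);
    if (req.method === "GET") {
      return success({}, { statusCode: 200, headers: { [headerName]: "constructed-token" } });
    }
    const ok = req.headers["X-CSRF-Token"] === "constructed-token" &&
               !req.requestUri.includes("?");
    return ok ? success({ created: true }) : error(new Error("POST rejected"));
  }
  request.seen = [];
  return request;
}
```

In a page that loads datajs, pass OData.request as the first argument in place of the fake gateway.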

Former Member
0 Kudos

Is the request method the same as the read method? Can't find it in the OModel Docu: OpenUI5 SDK - Demo Kit

Former Member
0 Kudos

Hi,

I have tried the same code. The problem is that in the Chrome browser it is working fine.

In the Firefox and Edge browsers, it is not getting executed successfully.

Can you please suggest something if you have any idea about it?

-Mahi

Answers (2)

Former Member
0 Kudos

Hi Abhilash,

I am able to fetch the token number from the HTML application deployed on Tomcat of my machine.

When the same application is deployed on another Tomcat, the Success code is OK but the token number is always blank.

What could be the issue here?

I tried with datajs and ajax, but nothing happened.

Any help would be appreciated.

Thanks,

Priya

former_member184238
Participant
0 Kudos

Hi,

I am using a JSON model in my application. When I apply the above code to the OData model, it works fine. But in the JSON model I am getting the following error.

CX_SXML_PARSE_ERROR/001560AA0E081DEB8CA398CC1690D406Error while parsing an XML stream206B32E3A013F1A29B1D20CF30C48576

How to pass the CSRF token through the GET request and how to get that token in the POST request in the JSON model to do a create operation?

Please follow the below thread for more details

http://scn.sap.com/thread/3437139

Please help me to solve this issue.

Thanks & Regards

Sridevi.G