CSRF error after create entity POST request in ABAP OData service
Question
I am about to learn OData Services in ABAP for work purposes.
Implementing the create entity request, I ran into some issues.
```abap
METHOD airportsset_create_entity.
****************************************************
* VARIABLES
****************************************************
  DATA:
    lt_wa_input_data LIKE er_entity,
    lt_wa_airport    TYPE zt_xy_airport,
    lv_max_id        TYPE zd_xy_id.
****************************************************
* METHOD LOGIC
****************************************************
  " Get the data from the post request body.
  " (Read into the input structure; reading straight into lt_wa_airport
  " would be overwritten by the MOVE-CORRESPONDING below.)
  CALL METHOD io_data_provider->read_entry_data
    IMPORTING
      es_data = lt_wa_input_data.
  " Copy data into the work area.
  MOVE-CORRESPONDING lt_wa_input_data TO lt_wa_airport.
  " Select the max id from the table to prevent duplicate key error.
  SELECT SINGLE MAX( airport_id ) FROM zt_xy_airport INTO lv_max_id.
  " Fill out the remaining fields of the work area.
  lt_wa_airport-mandt = sy-mandt.
  lt_wa_airport-airport_id = lv_max_id + 1.
  " Insert the data to the table (same table as the SELECT above).
  INSERT zt_xy_airport FROM lt_wa_airport.
ENDMETHOD.
```
Calling this POST request I got back this error:
> CSRF token validation failed
I know that I have to get the token from a GET request header, but when I try to insert that token into the POST request header nothing seems to be working. I got back the same error.
I am working in SAP LOGON 770.
Answer 1
Score: 0
The POST request must be preceded by a HEAD request to the same endpoint (or a GET request to the service's base URL) which includes the header
X-CSRF-Token: Fetch
The response to this HEAD (or GET) request will then contain a CSRF token in the X-CSRF-Token header, and it will contain
- a session cookie SAP_SESSIONID_<SID>_<client>, to which this token is bound,
- or, if there is no session, a sap-XSRF_<SID>_<client> cookie, to which this token is bound.
Whether there is a session depends on the authentication mechanism that you chose. But in any case, both the cookie and the X-CSRF-Token header must be included in the POST request.
Likely, you have to make a change in the code that makes the request (which you have not shared).
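The fetch-then-POST sequence described in the answer, as an added example that is not part of the original post: a local mock (constructed here, not SAP code) enforces the token-to-cookie binding, and a client shows the POST passing only when both the cookie and the X-CSRF-Token header are sent. The cookie name with SID/100 filled in, the path /AirportsSet and the 201/403 status codes are assumptions.

```python
import http.cookiejar, secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "sap-XSRF_SID_100"  # constructed stand-in for sap-XSRF_<SID>_<client>
TOKENS = {}                  # cookie value -> CSRF token bound to it

class MockGateway(BaseHTTPRequestHandler):
    """Constructed stand-in for the server-side check; not SAP code."""
    def log_message(self, *args):  # keep the demo quiet
        pass
    def do_HEAD(self):
        self.send_response(200)
        if self.headers.get("X-CSRF-Token") == "Fetch":
            cookie, token = secrets.token_hex(8), secrets.token_urlsafe(16)
            TOKENS[cookie] = token
            self.send_header("X-CSRF-Token", token)
            self.send_header("Set-Cookie", f"{COOKIE}={cookie}; Path=/")
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get("Cookie", "").partition(f"{COOKIE}=")[2].split(";")[0]
        token = self.headers.get("X-CSRF-Token", "")
        bound = TOKENS.get(sent, "")  # token issued together with this cookie
        ok = bool(token) and secrets.compare_digest(bound.encode(), token.encode())
        self.send_response(201 if ok else 403)
        self.end_headers()

def opener(*handlers):
    # Empty ProxyHandler: never route the loopback demo through a proxy.
    return urllib.request.build_opener(urllib.request.ProxyHandler({}), *handlers)

def post(client, url, token=None):
    headers = {"Content-Type": "application/json"}
    if token:
        headers["X-CSRF-Token"] = token
    req = urllib.request.Request(url, data=b"{}", headers=headers, method="POST")
    try:
        return client.open(req).status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/AirportsSet"
    jar = opener(urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    head = urllib.request.Request(url, headers={"X-CSRF-Token": "Fetch"}, method="HEAD")
    token = jar.open(head).headers["X-CSRF-Token"]
    # token + cookie, token without cookie, cookie without token
    results = (post(jar, url, token), post(opener(), url, token), post(jar, url))
    server.shutdown()
    return results
```

A client that copies the token into the POST but opens a fresh connection without the cookie from the fetch response still gets the rejection, which matches the symptom in the question.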