CSRF error after create entity POST request in ABAP OData service

Question

I am about to learn OData Services in ABAP for work purposes.
While implementing the create entity request, I ran into some issues.

METHOD airportsset_create_entity.

****************************************************
* VARIABLES
****************************************************

    DATA:
      lt_wa_input_data LIKE er_entity,
      lt_wa_airport    TYPE zt_xy_airport,
      lv_max_id        TYPE zd_xy_id.

****************************************************
* METHOD LOGIC
****************************************************

    " Get the data from the post request body.
    CALL METHOD io_data_provider->read_entry_data
      IMPORTING
        es_data = lt_wa_input_data.

    " Copy data into the work area.
    MOVE-CORRESPONDING lt_wa_input_data TO lt_wa_airport.

    " Select the max id from the table to prevent duplicate key error.
    SELECT SINGLE MAX( airport_id ) FROM zt_xy_airport INTO lv_max_id.

    " Fill out the remaining fields of the work area.
    lt_wa_airport-mandt = sy-mandt.
    lt_wa_airport-airport_id = lv_max_id + 1.

    " Insert the data into the table (the same table the work area type and the MAX query use).
    INSERT zt_xy_airport FROM lt_wa_airport.

  ENDMETHOD.

Calling this POST request I got back this error:
> CSRF token validation failed

I know that I have to get the token from a GET request header, but when I try to insert that token into the POST request header nothing seems to be working. I got back the same error.

I am working in SAP LOGON 770.

Answer 1

Score: 0

The POST request must be preceded by a HEAD request to the same endpoint (or a GET request to the service's base URL) which includes the header

X-CSRF-Token: Fetch

The response to this HEAD (or GET) request will then contain a CSRF token in the X-CSRF-Token header, and it will contain

  • a session cookie SAP_SESSIONID_<SID>_<client>, to which this token is bound,
  • or, if there is no session, a sap-XSRF_<SID>_<client> cookie, to which this token is bound.

Whether there is a session depends on the authentication mechanism that you chose. But in any case, both the cookie and the X-CSRF-Token header must be included in the POST request.

Likely, you have to make a change in the code that makes the request (which you have not shared).
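
The fetch-then-POST sequence described in the answer above, as an added example that is not part of the original post: a Python standard-library client run against a small constructed mock server. `MockGateway`, the `/AirportsSet` path and the cookie name `SAP_SESSIONID_SID_000` are assumptions standing in for the real service; the second call shows the failure case where the token is sent without the cookie it is bound to.

```python
import http.cookiejar, secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
TOKENS = {}  # mock server state: cookie value -> CSRF token bound to it
DIRECT = urllib.request.ProxyHandler({})  # talk to the local mock without a proxy

class MockGateway(BaseHTTPRequestHandler):
    """Constructed stand-in for the service: mimics only the token/cookie binding."""
    def log_message(self, *args): pass  # keep the demo output quiet
    def do_HEAD(self):
        self.send_response(200)
        if self.headers.get("X-CSRF-Token") == "Fetch":
            sid, token = secrets.token_hex(8), secrets.token_hex(16)
            TOKENS[sid] = token
            self.send_header("X-CSRF-Token", token)
            # "SID" and "000" are placeholders for <SID> and <client>.
            self.send_header("Set-Cookie", f"SAP_SESSIONID_SID_000={sid}; Path=/")
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("=")[2]
        ok = sid in TOKENS and self.headers.get("X-CSRF-Token") == TOKENS[sid]
        self.send_response(201 if ok else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()

def create_entity(url, body, keep_cookies=True):
    """HEAD with 'X-CSRF-Token: Fetch', then POST with the token (and the cookie)."""
    jar = http.cookiejar.CookieJar()
    fetcher = urllib.request.build_opener(DIRECT, urllib.request.HTTPCookieProcessor(jar))
    head = urllib.request.Request(url, method="HEAD", headers={"X-CSRF-Token": "Fetch"})
    with fetcher.open(head) as resp:
        token = resp.headers["X-CSRF-Token"]
    # keep_cookies=False reproduces the failure: token sent, bound cookie dropped.
    poster = fetcher if keep_cookies else urllib.request.build_opener(DIRECT)
    post = urllib.request.Request(url, data=body, method="POST", headers={
        "X-CSRF-Token": token, "Content-Type": "application/json"})
    try:
        with poster.open(post) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/AirportsSet"  # hypothetical path
    try:
        return create_entity(url, b"{}"), create_entity(url, b"{}", keep_cookies=False)
    finally:
        server.shutdown()
```

Calling `demo()` returns the status of the POST with token and cookie, followed by the status of the POST that carries only the token.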

huangapple
  • Posted on May 22, 2023 at 21:05:36
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76306516.html