Disable Authentication Pop Up and CSRF Token For O... - SAP Community
Sharadha1
Active Contributor
08-05-2015 3:47 PM
13 Kudos 53,180
Hi,
I have seen loads of threads with the same topic but none of them specify the
complete solution. They all give solutions in bits and pieces. After struggling for
the past couple of days, I managed to crack it.
Issue:
Solution:
An obvious one: set up the user credentials in the 'Logon tab' of the SICF service.
Test it. Hey, it works!! No authentication pop up. But you are too quick. Test the
complete cycle until the data is saved in your UI5 application. You will find that
you are getting 'CSRF token invalid' or 'CSRF token undefined' or an error
message similar to this (along with HTTP status code 403 (Forbidden)) in the
console. This error goes away as soon as you remove the user credentials from
the logon tab of the SICF service.
Issue:
You want both features: there must not be any authentication pop ups
when the application is accessed AND the application should be able to save/modify
data without any issue.
What happens:
When you provide logon details in the ICF node, you no longer get a CSRF
token from the system. This is because CSRF protection works only for services that
require authentication. But when you send a modifying request to the
framework, it expects a CSRF token by default, and hence the save fails.
Solution:
The only way is to disable the CSRF protection mechanism. The above CSRF
link mentions how to disable it in the SICF service node. But that alone will not
disable the CSRF token check. You also have to add the header 'X-Requested-With' with a
value of 'X' to the OData request to disable the CSRF token completely.
Steps
3. Now depending on which route you use to update data, add the headers
a. If you use OData Model to update data, make sure that you give the
following lines BEFORE the create/put/delete call.
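// oModelSav is the application's existing OData model instance.
// Build the entry from the input fields.
var oEntry = {};
oEntry.Empid = sap.ui.getCore().byId("Id").getValue();
oEntry.Empname = sap.ui.getCore().byId("Name").getValue();
oEntry.Empadd = sap.ui.getCore().byId("Address").getValue();
oEntry.Empdes = sap.ui.getCore().byId("Role").getValue();
// Set the header BEFORE the modifying call.
oModelSav.setHeaders({"X-Requested-With" : "X"});
oModelSav.create('/EmployeeSet', oEntry, null, function(){
    // success handler
}, function(){
    // error handler
});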
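The behaviour described above as a small simulation, added here as an example and not part of the original post or SAP code. `makeService` is a constructed model of the service (its option names and the token value are hypothetical); it shows why the save fails with 403 once logon data is stored, and why the SICF setting and the `X-Requested-With` header are both needed.

```javascript
// Constructed stand-in for the Gateway service: it models only the behaviour
// described in the post. Not SAP code; the option names are hypothetical.
function makeService({ storedLogon, csrfCheckDisabled }) {
  const token = "constructed-token-123"; // sample value
  return function handle(req) {
    const h = {};
    for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;
    if (req.method === "GET") {
      // A token is issued only when the caller authenticated itself.
      const issue = h["x-csrf-token"] === "Fetch" && !storedLogon;
      return { status: 200, headers: issue ? { "x-csrf-token": token } : {} };
    }
    // Modifying request: accepted with the opt-out (setting AND header) ...
    if (csrfCheckDisabled && h["x-requested-with"]) return { status: 201, headers: {} };
    // ... or with the token issued to an authenticated session.
    if (!storedLogon && h["x-csrf-token"] === token) return { status: 201, headers: {} };
    return { status: 403, headers: { "x-csrf-token": "Required" } };
  };
}

// Client side of the token handshake: fetch on a GET, replay on the POST.
function createWithToken(service, path, entry) {
  const probe = service({ method: "GET", path: "/", headers: { "X-CSRF-Token": "Fetch" } });
  const token = probe.headers["x-csrf-token"];
  const res = service({ method: "POST", path, body: entry,
    headers: token ? { "X-CSRF-Token": token } : {} });
  return { tokenIssued: Boolean(token), status: res.status };
}

// Client side of the post's workaround: no token, only X-Requested-With.
function createWithHeaderOnly(service, path, entry) {
  const headers = { "X-Requested-With": "X" };
  return service({ method: "POST", path, body: entry, headers }).status;
}

function runScenarios() {
  const entry = { Empid: "1", Empname: "Constructed" }; // constructed sample
  const svc = (storedLogon, csrfCheckDisabled) => makeService({ storedLogon, csrfCheckDisabled });
  return {
    interactiveLogon: createWithToken(svc(false, false), "/EmployeeSet", entry),
    storedLogon: createWithToken(svc(true, false), "/EmployeeSet", entry),
    headerButCheckOn: createWithHeaderOnly(svc(true, false), "/EmployeeSet", entry),
    headerAndCheckOff: createWithHeaderOnly(svc(true, true), "/EmployeeSet", entry),
  };
}

console.log(runScenarios());
```

In the last scenario every caller is served under the stored user and no token is checked, which is the trade-off raised in the comments.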
Tags:
Authentication csrf disable gateway invalid
23 Comments
NagaPrakashT
Contributor
08-05-2015 4:11 PM
0 Kudos
Hi Sharada,
Thanks,
Naga
Sharadha1
Active Contributor
08-05-2015 4:15 PM
0 Kudos
Naga,
Sharadha
Former Member
10-21-2015 5:48 AM
0 Kudos
Thanks ..
former_member210247
Explorer
11-05-2015 10:32 AM
0 Kudos
Hi Sharada,
Did I get you right: you solved the issue by disabling the security mechanism?
I don't think that this is the best approach because there was a good reason to establish
There must be a best practice to get both, no logon popup (e.g. by SSO) and
secure modification including CSRF mechanism.
Regards Klaus
Sharadha1
Active Contributor
11-05-2015 11:48 AM
0 Kudos
Klaus,
Ideally there should be a way but as of now, there is no option
provided for this by SAP (as far as I know). Happy to learn if there
is an alternate solution to this issue. Let me know if you come
across any.
Many thanks,
Sharadha
Oliver_Baer
Explorer
10-06-2016 10:23 AM
0 Kudos
Hi Sharada,
first I want to thank you because I had the same problem and searched the whole day
for a solution until I found your blog post. It works, but the solution is not really satisfying
Regards, Oliver
sandroramos
Active Participant
10-06-2016 1:24 PM
0 Kudos
Excellent!!!
A few days ago I got this Forbidden error and spent a lot of time until
I found out that my authentication credentials saved in the SICF service were
causing this error, just when I was trying to save data. After long
hours of research I found a topic where a guy commented
something along these lines, and that worked!!! This document will be
very helpful for future research, congrats!!!!
Regards,
Sandro Ramos
tdangwa
Explorer
10-19-2016 9:45 PM
0 Kudos
sharadha.k
I have managed to disable the authentication pop up and CSRF token
for OData calls using your method above. My problem now is that I am
failing to achieve the same with file uploads. I am using
sap.ui.unified.FileUploader to upload files.
Please assist.
Regards,
Terry
maheshpalavalli
Active Contributor
11-04-2016 10:04 AM
0 Kudos
Hi Oliver,
Former Member
11-07-2016 5:06 AM
0 Kudos
Hi Oliver,
Regards,
Anand T
Former Member
11-07-2016 5:07 AM
0 Kudos
Hi Klaus,
Regards,
Anand T
former_member208046
Explorer
11-21-2016 6:30 PM
0 Kudos
Oliver_Baer
Explorer
02-08-2017 12:13 PM
0 Kudos
Hi Mahesh,
Oliver_Baer
Explorer
02-08-2017 12:17 PM
0 Kudos
Hi Anand,
Former Member
04-05-2017 4:17 AM
2 Kudos
Hi Sharadha,
Regards,
Nick
Former Member
05-09-2017 8:23 PM
0 Kudos
Former Member
05-09-2017 8:23 PM
0 Kudos
Thank you so much for such a detailed post about this issue! S2
former_member663752
Explorer
04-28-2020 8:22 AM
0 Kudos
Thank You,
Sagar
vigneshwar_reddy
Active Participant
05-07-2021 12:25 PM
0 Kudos
Excellent.
Perfect solution.
Thanks.
otto_frost4
Participant
10-18-2021 2:40 PM
0 Kudos
hempelbjr
Explorer
10-19-2021 4:02 PM
0 Kudos
Otherwise the POST will return with HTTP Code 200 and is
handled as a GET Request.
former_member768929
Discoverer
04-11-2023 1:24 PM
0 Kudos
Hi Terry,
By any chance, do you remember how you fixed the above issue
for the file uploader?
Thanks
Tanisha
srinivastaduka
Explorer
an hour ago
0 Kudos
Hi All,
Please see the steps below to access the GET & POST methods from
Postman without being asked for any credentials.
2) POST method:
POST from Gateway
Here we need to select '$batch' from 'ADD URI option', change
the entity set name in the HTTP request payload, add the payload
data like below and click on execute.
Thank You,
Srini T