Reputation: 41
I am trying a POST operation on an SAP Hybris C4C entity.
I came across many blogs where it was mentioned that we need to send X-CSRF-Token during POST, which can first be retrieved using a GET operation.
I was successfully able to do that using Postman, as Postman stores the cookie, so the CSRF token validation does not fail.
But I actually want to call this using golang, and I was getting the error "CSRF token validation failed" every time. Then, after going through many blogs, I found we not only have to set X-CSRF-Token but also Cookie, so that the HTTP POST is not treated as a new session; otherwise the CSRF token we sent does not match the current session, causing the error.
Even after following the above two leads, I am still getting the error. Below is the code snippet; I am not sure what else is missing.
Code snippet:
auth := "******:*****"
basicAuth := base64.StdEncoding.EncodeToString([]byte(auth))
geturl := "https://******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi"
req, _ := http.NewRequest("GET", geturl, nil)
req.Header.Set("Authorization", "Basic "+basicAuth)
req.Header.Set("X-Csrf-Token", "Fetch")
cli := &http.Client{}
res, _ := cli.Do(req)
inputMap := make(map[string]interface{})
inputMap["PriorityCodeText"] = "Normal"
inputJSON, _ := json.Marshal(inputMap)
url := "https://*******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi/OpportunityCollection"
request, _ := http.NewRequest("POST", url, bytes.NewBuffer(inputJSON))
request.Header.Set("Authorization", "Basic "+basicAuth)
request.Header.Set("X-Csrf-Token", res.Header.Get("X-Csrf-Token"))
request.Header.Set("Cookie", res.Header.Get("Set-Cookie"))
request.Header.Set("X-Requested-With", "XMLHttpRequest")
request.Header.Set("Content-Type", "application/atomsvc+xml")
request.Header.Set("DataServiceVersion", "2.0")
//request.Header.Set("Accept", "application/atom+xml")
client := &http.Client{}
resp, _ := client.Do(request)
fmt.Printf("Response status code is: %d", resp.StatusCode)
jsonResponseData, _ := ioutil.ReadAll(resp.Body)
fmt.Printf("Response is: %s", jsonResponseData)
Upvotes: 0
Views: 12337
Reputation: 1140
I face it with Tomcat 9 sometimes; in my case, just logging out and logging back in solves the issue.
It seems that the Java app was using an expired cookie but didn't redirect me to the logout page by mistake.
Upvotes: 0
Reputation: 41
It worked! As mentioned by @gp, I had to copy all cookies instead of just setting the header. I made the below change in the code snippet:
//request.Header.Set("Cookie", res.Header.Get("Set-Cookie"))
for i := 0; i < len(res.Cookies()); i++ {
	request.AddCookie(res.Cookies()[i])
}
Upvotes: 1
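An added example, not code from any of the posts above: it reproduces the failure and the fix from this thread against a local test server, and goes one step beyond the accepted change by letting a `net/http/cookiejar` jar carry the session instead of copying cookies by hand. The `httptest` server, the cookie names `sid` and `ctx`, and the token value `tok-s1` are constructed stand-ins, not the real C4C endpoint or its cookies.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"strings"
)
// handler (constructed): a token fetch sets two session cookies; any other request needs both plus the token.
func handler(w http.ResponseWriter, r *http.Request) {
	has := func(n, v string) bool { c, err := r.Cookie(n); return err == nil && c.Value == v }
	if r.Header.Get("X-CSRF-Token") == "Fetch" {
		http.SetCookie(w, &http.Cookie{Name: "sid", Value: "s1", Path: "/", HttpOnly: true})
		http.SetCookie(w, &http.Cookie{Name: "ctx", Value: "c1", Path: "/"})
		w.Header().Set("X-CSRF-Token", "tok-s1")
	} else if !has("sid", "s1") || !has("ctx", "c1") || r.Header.Get("X-CSRF-Token") != "tok-s1" {
		http.Error(w, "CSRF token validation failed", http.StatusForbidden)
	} else {
		w.WriteHeader(http.StatusCreated)
	}
}
// post fetches a token, then POSTs; it returns the POST status, or -1 on a transport error.
func post(base string, jar http.CookieJar) int {
	cli := &http.Client{Jar: jar} // a non-nil jar stores and replays every Set-Cookie
	get, _ := http.NewRequest("GET", base, nil)
	get.Header.Set("X-CSRF-Token", "Fetch")
	res, err := cli.Do(get)
	if err != nil {
		return -1
	}
	res.Body.Close()
	req, _ := http.NewRequest("POST", base+"/OpportunityCollection", strings.NewReader(`{"PriorityCodeText":"Normal"}`))
	req.Header.Set("X-CSRF-Token", res.Header.Get("X-CSRF-Token"))
	if jar == nil { // the question's approach: Get returns only the first Set-Cookie, attributes included
		req.Header.Set("Cookie", res.Header.Get("Set-Cookie"))
	}
	resp, err := cli.Do(req)
	if err != nil {
		return -1
	}
	resp.Body.Close()
	return resp.StatusCode
}
func main() {
	srv := httptest.NewServer(http.HandlerFunc(handler))
	defer srv.Close()
	jar, _ := cookiejar.New(nil)
	fmt.Println("header copy:", post(srv.URL, nil), "cookie jar:", post(srv.URL, jar))
}
```

The same `http.Client` has to be used for the token fetch and the POST, since the jar belongs to the client and not to the request.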