emqx http not found 怎么回事_使用ABAP CL_HTTP_CLIENT类消费OData服务时，如何避免CSRF令牌验证失败错误...-CSDN博客

Recently I meet with this cookie issue so I document it as a blog in case any other guys might meet with the same problem.

I am trying to create some Opportunity transaction data by consuming OData service via CL_HTTP_CLIENT. Since this is a update operation which needs to be finished by HTTP POST, so a CSRF token is needed in this HTTP post. Let’s first have a look what is a typical scenario running in Chrome extension postman:

(1) Perform a HTTP get operation with header field x-csrf-token = fetch to get a valid CSRF token from http response header field.

(2) launch a HTTP post request using the CSRF token got from previous step,

And a new opportunity could successfully be created in postman:

However, when I implement the above mentioned scenario in ABAP, I meet with trouble. Instead of the expected successful creation message, I always get the error message “CSRF token validation failed”.

Issue trouble shooting

Let’s go back to postman scenario. Although it seems only the header field x-csrf-token is specified in http request, however there is another field cookie which is added to http request under the hood.

We could get this cookie field from previous HTTP get request which is responsible for CSRF token retrieve:

It means in ABAP implementation, we need to first retrieve BOTH CSRF token and cookie field from the first HTTP GET request, and then added these two fields to the request of second HTTP POST request which actually performs the opportunity creation.

This solution is also explained in this thread usage of CSRF token in ABAP report for POST request.

I just added the complete source code of my implementation here and feel free to reuse it. The ABAP report to create Opportunity by consuming OData service: