Does anyone of you used “X-CSRF-TOKEN” before in an HTTPSocket without a problem?
I mean requesting the X-CSRF-TOKEN with GET, and using it in a POST statement?
I get the token, but always get a 403 “CSRF token validation failed” in POST statement as result.
The API is “SAP Gateway”. [ https://www.sap.com/community/topic/gateway.html ]
I found my problem:
When I get such a X-CSRF-Token in the headers via GET, the X-CSRF-Token gets a cookie, too.
Then when I send the fetched X-CSRF-Token, I have to provide the cookie back. At the moment I only send the X-CSRF-Token back. I don’t know how I can send such a received cookie. I think Xojo didn’t save such a cookie?
I think I found a solution for the cookies. If someone have the same problem, and find this with the search function. My solution was:
In the pagereceived event from the GET Socket:
for i = 0 to headers.nameCount("set-cookie")-1
cookie = headers.value("set-cookie",i)
Socket_POST.requestHeaders.appendHeader "cookie",cookie
next
And then I send it again with Socket_POST.
Dear Marcel,
Can you post a bit more of the code.
I am also trying to do a GET to get the token and then do a POST but cannot quite get the TCPsocket to work.
Can you email me some working code? gerard @ macsos.com.au
Thanks in advance
Hi Gerard,
sorry, I didn’t see your posting.
What exactly do you need?
Maybe I can help you.