X-CSRF - Token?

Does anyone of you used “X-CSRF-TOKEN” before in an HTTPSocket without a problem?

I mean requesting the X-CSRF-TOKEN with GET, and using it in a POST statement?

I get the token, but always get a 403 “CSRF token validation failed” in POST statement as result.

What’s the API?

The API is “SAP Gateway”. [ https://www.sap.com/community/topic/gateway.html ]

I found my problem:

When I get such a X-CSRF-Token in the headers via GET, the X-CSRF-Token gets a cookie, too.

Then when I send the fetched X-CSRF-Token, I have to provide the cookie back. At the moment I only send the X-CSRF-Token back. I don’t know how I can send such a received cookie. I think Xojo didn’t save such a cookie?

I think I found a solution for the cookies. If someone have the same problem, and find this with the search function. My solution was:

In the pagereceived event from the GET Socket:

for i = 0 to headers.nameCount("set-cookie")-1
  cookie = headers.value("set-cookie",i)
  Socket_POST.requestHeaders.appendHeader "cookie",cookie

And then I send it again with Socket_POST.

Dear Marcel,

Can you post a bit more of the code.

I am also trying to do a GET to get the token and then do a POST but cannot quite get the TCPsocket to work.

Can you email me some working code? gerard @ macsos.com.au

Thanks in advance

Hi Gerard,

sorry, I didn’t see your posting.

What exactly do you need?
Maybe I can help you.