douchanxiu5636
2018-10-07 10:29
浏览 395
已采纳

发布操作失败,并显示“ CSRF令牌验证失败”错误

I am trying POST operation on SAP Hybris C4C entity.

I came across many blogs where it was mentioned that we need to send X-CSRF-Token during POST which can first be retrieved using GET operation.

I was successfully able to do that using Postman. as Postman stores cookie not causing to CSRF token validation failure.

But, I actually want to call this using golang. And I was getting everytime error as "CSRF token validation failed". Then after going through many blogs I found we not only have to set X-CSRF-Token but also Cookie so that HTTP POST is not treated as new session. otherwise the csrf token we sent does not match with current session causing error.

Even after following above two leads, I am still getting error. Below is the code snippet, I am not sure what else is missing.

Code snippet:

auth := "******:*****"
basicAuth := base64.StdEncoding.EncodeToString([]byte(auth))

geturl := "https://******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi"
req, _ := http.NewRequest("GET", geturl, nil)
req.Header.Set("Authorization", "Basic "+basicAuth)
req.Header.Set("X-Csrf-Token", "Fetch")
cli := &http.Client{}
res, _ := cli.Do(req)

inputMap := make(map[string]interface{})
inputMap["PriorityCodeText"] = "Normal"
inputJSON, _ := json.Marshal(inputMap)

url := "https://*******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi/OpportunityCollection"
request, _ := http.NewRequest("POST", url, bytes.NewBuffer(inputJSON))
request.Header.Set("Authorization", "Basic "+basicAuth)
request.Header.Set("X-Csrf-Token", res.Header.Get("X-Csrf-Token"))
request.Header.Set("Cookie", res.Header.Get("Set-Cookie"))
request.Header.Set("X-Requested-With", "XMLHttpRequest")
request.Header.Set("Content-Type", "application/atomsvc+xml")
request.Header.Set("DataServiceVersion", "2.0")
//request.Header.Set("Accept", "application/atom+xml")
client := &http.Client{}
resp, _ := client.Do(request)
fmt.Printf("Response status code is: %d", resp.StatusCode)
jsonResponseData, _ := ioutil.ReadAll(resp.Body)
fmt.Printf("Response is: %s", jsonResponseData)
  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

1条回答 默认 最新

相关推荐 更多相似问题