How do I set the X-CSRF-Token correctly in an Alexa POST Request to SAP HANA? (403 error)

I have a problem with the x-csrf-token validation with regard to an HTTPS POST request. The request comes from a Lambda function triggered by an Amazon Alexa skill and is sent to an XSO Data file running on the SAP Cloud Platform in an SAP HANA Database. I use JavaScript/Node.js.

A valid token is set in the request header (see code in the first picture below), but the response header shows "required" for the x-csrf-token (see code in the second picture below). So there is an error with the validation. The same POST request with Postman works correctly, but when I try it via a JS file as a Lambda function (in the first picture), I get this error with HTTP status code 403 (see code in the second picture below). The POST request itself does work, but the token validation does not. GET requests work fine.

Does anybody know a possible solution?

Thank you very much!

1. picture: request

2. picture: response

Please try to get the CSRF token first before setting it to the request body. The CSRF token changes from device to device as well as with the timeframe. I also had a similar issue, and upon implementing the above solution, it started working perfectly.

I am writing this as a separate answer as I had an issue in a Spring Boot RestTemplate call. I could arrive at a solution after going through this article: SAP CSRF Issue

Basically, the "set-cookie" header is instructing the browser to set the "Cookie" header. All one has to do (apart from x-csrf-token) is to replace the comma in the string of the cookie with a semicolon. Then set the header "Cookie" to this replaced value.
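
The fetch-then-POST flow the two answers above describe, as an added Node.js example that is not part of the original posts: it builds the POST headers from the response to a preliminary GET sent with `X-CSRF-Token: Fetch`, and keeps only the `name=value` part of each `Set-Cookie` entry, which goes slightly beyond a plain comma-to-semicolon replace. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: build the headers for the POST from the response to a
// token-fetch GET. Node exposes response header names in lower case.

// Sent with the preliminary GET to ask the server for a token.
const FETCH_HEADERS = { 'X-CSRF-Token': 'Fetch' };

// Turn Set-Cookie value(s) into one Cookie request header.
// Accepts Node's array form or a single comma-joined string.
function toCookieHeader(setCookie) {
  if (!setCookie) return '';
  const list = Array.isArray(setCookie)
    ? setCookie
    // Split only on commas that start a new "name=" pair, so the comma
    // inside "Expires=Wed, 21 Oct ..." does not cut a cookie in half.
    : setCookie.split(/,(?=\s*[^;,=\s]+=)/);
  return list
    .map((c) => c.split(';')[0].trim()) // keep name=value, drop attributes
    .filter((pair) => pair.includes('='))
    .join('; ');
}

// Build POST headers from the headers of the token-fetch response.
function buildPostHeaders(fetchResponseHeaders) {
  const token = fetchResponseHeaders['x-csrf-token'];
  if (!token || token.toLowerCase() === 'required') {
    throw new Error('no CSRF token returned; send X-CSRF-Token: Fetch first');
  }
  const cookie = toCookieHeader(fetchResponseHeaders['set-cookie']);
  if (!cookie) {
    throw new Error('no session cookie to send along with the token');
  }
  return {
    'X-CSRF-Token': token,
    Cookie: cookie,
    'Content-Type': 'application/json',
  };
}

// Constructed sample response headers (not captured from a real system).
const sample = {
  'x-csrf-token': 'TOKEN-PLACEHOLDER',
  'set-cookie': [
    'sessionId=abc123; Path=/; Secure; HttpOnly',
    'lb=node1; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/',
  ],
};
console.log(buildPostHeaders(sample));
```

Both requests have to go to the same host within the same session, so the token and the cookies should be fetched inside each Lambda invocation rather than hard-coded.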
