- The SAP Mobile Platform (SMP) client application correctly obtains the CSRF token from an HTTP GET request sent with the header X-CSRF-TOKEN: FETCH.
- The HTTP GET request is sent via the load balancer with the X-CSRF-TOKEN header multiple times and returns multiple X-CSRF-TOKEN values.
- The issue is not reproducible if SMP is set to communicate with only one NetWeaver Gateway (without going via the load balancer).
- NetWeaver Gateway responds with an "HTTP 403 CSRF token validation failed" to an HTTP POST request that carries the latest X-CSRF-TOKEN returned from an HTTP GET request. The response from the NetWeaver Gateway looks like the one below:

    HTTP/1.1 403 Forbidden
    content-type: text/plain; charset=utf-8
    server: SAP NetWeaver Application Server / ABAP 731
    CSRF token validation failed
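
The symptoms above can be reproduced in a small model. This is an added example, not code from SAP or from the KBA; it assumes each gateway binds the CSRF token to a session it alone holds and that the load balancer rotates requests with no session affinity, and the names `Gateway` and `run_client` are hypothetical.

```python
import itertools
import secrets


class Gateway:
    """Constructed model of one gateway node (assumption: token is bound to a node-local session)."""

    def __init__(self):
        self.sessions = {}  # session id -> CSRF token issued for that session

    def handle(self, method, headers, cookies):
        sid = cookies.get("session")
        if method == "GET" and headers.get("X-CSRF-TOKEN") == "FETCH":
            if sid not in self.sessions:
                # Unknown or missing session: open a new one and issue a new token.
                sid = secrets.token_hex(8)
                self.sessions[sid] = secrets.token_urlsafe(16)
                cookies["session"] = sid  # overwrites the cookie set by another node
            return 200, self.sessions[sid]
        if method == "POST":
            expected = self.sessions.get(sid)
            sent = headers.get("X-CSRF-TOKEN", "")
            if expected and secrets.compare_digest(expected, sent):
                return 201, "Created"  # constructed success status
            return 403, "CSRF token validation failed"
        return 405, "Method not allowed"


def run_client(gateways, fetches=2):
    """Send `fetches` token GETs, then one POST with the latest token, round-robin."""
    route = itertools.cycle(gateways)
    cookies, tokens = {}, []
    for _ in range(fetches):
        _, token = next(route).handle("GET", {"X-CSRF-TOKEN": "FETCH"}, cookies)
        tokens.append(token)
    status, body = next(route).handle("POST", {"X-CSRF-TOKEN": tokens[-1]}, cookies)
    return tokens, status, body


if __name__ == "__main__":
    # Two gateways behind the balancer: differing tokens, POST rejected.
    print(run_client([Gateway(), Gateway()]))
    # One gateway, no balancer: one stable token, POST accepted.
    print(run_client([Gateway()]))
```

When triaging a real trace, the same two checks apply: whether repeated token fetches from one client return different values, and whether the POST reached the node that issued the token it carries.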
- Sybase Unwired Platform 2.2.x / SAP Mobile Platform 2.3.x-3.0.x
- OData application type
- All Supported Mobile Operating Systems
Load Balancer third party, KBA, MOB-SUP-ODP, Sybase Unwired Platform Online Data Proxy, Problem
About this page: This is a preview of a SAP Knowledge Base Article.