3689402 - iFlow failing with 403 forbidden Error when using CSRF Protection

Symptom

iFlow failing with 403 forbidden area with CSRF Protection enabled

Errors seen in http access logs:

10.X.XXX.X (redacted) - redacted [31/07/2025:13:27:05 +0000] "POST <iFlow Endpoint> HTTP/1.1" 403 1ms - 6a633bdf-cbd9-4e0d-6a68-ac5928676635
10.X.XXX.X (155.XXX.XXX.XXX) - - [31/07/2025:13:27:05 +0000] "POST <iFlow Endpoint> HTTP/1.1" 403 17ms - -

Corresponding errors in ljs traces:

2025-07-31 13:27:05#+0000#ERROR#com.sap.it.rt.adapter.http.filter.XSRFPreventionFilter#anonymous#http-nio2-8080-exec-3#com.sap.it.rt.adapter.https.http.component#na#na#na#na#POST <iFlow Endpoint> on behalf of user 'sb-f77e26e9-5737-4367-8a4f-df666afbfb72!b15160|<Tenant ID>': missing CSRF token)#6a633bdf-cbd9-4e0d-6a68-ac5928676635#10.0.201.4#1

Environment

- SAP Integration Suite
- SAP Business Technology Platform
- Cloud Integration

Product

Cloud Integration all versions ; SAP BTP, Neo environment 1.0 ; SAP Integration Suite 1.0

Keywords

CPI, HCI, Cloud Integration, Integration Suite, CSRF, Security, 403, Forbidden, HTTP, failed , KBA , LOD-HCI-PI-CON-HTP , HTTP Adapter , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.