Symptom
When CSRF token protection is disabled for custom OData V2 services, observe that:
- The HTTP header X-Requested-With is mandatory
  - Requests fail if the header is missing
- However, the value of the header appears to be arbitrary
  - Examples such as "x", "test", "abc" all work
Environment
- SAP S/4HANA
- SAP Gateway
Keywords
csrf token, odata v2 services, x-requested-with header, arbitrary header value, middleware, sap note 2751277, sap s/4hana, custom odata services, header validation, disable csrf protection, sap business partner module, KBA, OPU-GW-COR, Framework, Problem
About this page
This is a preview of a SAP Knowledge Base Article.