I have developed a Fiori mobile app which is based on the SAP Hybrid Application Toolkit framework. I have a requirement in the application to attach a file from my mobile device and save it in the backend ECC system. I am using the UploadCollection control for this.
As we know, we have to send the CSRF token along with the POST call to send the attachment to the backend system.
Now, to get the CSRF token first, I have tried multiple ways:
- Get CSRF Token using OData Model getSecurityToken()
var oDataModel = this.getView().getModel("Offline");
var sST = oDataModel.getSecurityToken();
This gives me the value undefined in both the Android and iOS hybrid apps. However, I do get the CSRF value here when I run it directly from the browser. I am also passing "X-CSRF-Token" with value "Fetch" in the request header.
- Get CSRF Token using OData Model refreshSecurityToken()
Again, the CSRF token is missing from the response header in both the Android and iOS hybrid apps, but it works fine in the browser. I am also passing "X-CSRF-Token" with value "Fetch" in the request header.
- Get CSRF Token using AJAX call:
    var url1 = this.getOwnerComponent().getModel("Offline").sServiceUrl;
    $.ajax({
        url: url1,
        headers: {
            "X-Requested-With": "XMLHttpRequest",
            "DataServiceVersion": "2.0",
            "cache-control": "no-cache",
            "X-CSRF-Token": "Fetch"
        },
        type: "GET",
        contentType: "application/json",
        dataType: "json",
        cache: false,
        crossDomain: true,
        async: true,
        xhrFields: {
            withCredentials: true
        },
        success: function (data, textStatus, jqXHR) {
            this._csrfToken = jqXHR.getResponseHeader("x-csrf-token");
            MessageBox.success("Success in Ajax call. Token is : " + this._csrfToken);
        }.bind(this),
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            MessageBox.error(XMLHttpRequest.statusText);
        }
    });
This piece of code worked perfectly fine in the Android hybrid app and the attachment was saved in the backend successfully. But it throws a Forbidden error on an iOS device.
Kindly help me with your expertise in resolving this issue.
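
An added example, not part of the original post and not SAP or UI5 code: a small in-memory model of the fetch-then-POST exchange described above, showing which combinations of token and session cookie such a service accepts. It assumes the token is tied to the session cookie set on the fetch response; `createService`, `upload`, `runScenarios` and all values are constructed for illustration.

```javascript
// Constructed in-memory model of a CSRF-protected service; not SAP or UI5 code.
function createService() {
  const tokenBySession = new Map(); // session cookie value -> token issued to it
  let counter = 0;

  return function handle({ method, headers = {}, cookie }) {
    const sent = headers["X-CSRF-Token"];
    if (method === "GET") {
      if (sent !== "Fetch") return { status: 200, headers: {} };
      // Reuse the caller's session if it presented one, otherwise open a new one.
      const session = tokenBySession.has(cookie) ? cookie : "sid-" + ++counter;
      const token = "tok-" + ++counter; // predictable only because this is a model
      tokenBySession.set(session, token);
      return { status: 200, headers: { "x-csrf-token": token }, setCookie: session };
    }
    // State-changing request: the token must match the one issued to this session.
    const expected = tokenBySession.get(cookie);
    if (!expected || sent !== expected) return { status: 403, headers: {} };
    return { status: 201, headers: {} };
  };
}

// Client side: fetch a token, then POST the attachment with it.
function upload(handle, { keepCookies, sendToken }) {
  const fetched = handle({ method: "GET", headers: { "X-CSRF-Token": "Fetch" } });
  const token = fetched.headers["x-csrf-token"];
  const post = handle({
    method: "POST",
    headers: sendToken ? { "X-CSRF-Token": token } : {},
    cookie: keepCookies ? fetched.setCookie : undefined, // cookie jar kept or lost
  });
  return post.status;
}

function runScenarios() {
  const handle = createService();
  return {
    tokenAndCookie: upload(handle, { keepCookies: true, sendToken: true }),
    tokenOnly: upload(handle, { keepCookies: false, sendToken: true }),
    cookieOnly: upload(handle, { keepCookies: true, sendToken: false }),
  };
}

console.log(runScenarios());
```

When a client gets Forbidden on the POST, comparing the token header and cookies actually sent with those returned by the fetch response shows which of these cases applies.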