Does cloud-sdk support GET for CSRF?

[vipulprabhu]

Ask the Question

Dear Colleagues,

We are using sap-cloud sdk to work with BTP destinations. In SAP Cloud SDK, CSRF token fetching is handled using a HEAD request by default. However, SAP OData services do not support HEAD for CSRF token retrieval and instead supports a GET request.
Given that OData only supports GET and not HEAD, how can we align Cloud SDK’s CSRF handling with SAP OData’s requirement? Is there a way to configure or override the default behavior?

Thanks,
Vipul.

[Jonas-Isr]

Hi @vipulprabhu,

as far as I am aware, most SAP deployed services on S/4HANA support HEAD requests for CSRF even though it is not part of the standard. Have you checked that this is actually no option in your use-case? From our SDK side, we do not recommend CSRF token retrieval via GET. Are you sure this is necessary?

If you are sure this is necessary, one option is to write a custom class for the token retrieval using GET requests. It will probably look very similar to what we do in our CsrfTokenRetriever interface (link to source).

Best,
Jonas

[CharlesDuboisSAP]

Hopefully that solves your problem. Closed for inactivity.