on 10-24-2023 11:16 AM
Dear Community,
When publishing an API on API Management with Resources (OpenAPI/Swagger) from an OnPrem system, it won't let you expose a HEAD Resource.
Why is this a problem? This is a problem because with the SAP CDS library, if you use "await cds.connect.to("API")" and your API/Connection is in the package.json like so:
```json
"cds": {
  "requires": {
    "API": {
      "kind": "odata",
      "credentials": {
        "destination": "DEST_API"
      },
      "csrf": true
    }
  }
}
```
This will always do a HEAD request to obtain the token, which will then always fail, and changing the OpenAPI declaration on API Management does not make sense because it can be refreshed anytime. I was also trying to fork @sap/cds to do a Pull Request adding a property like ("crsfMethod": "GET"), but there is no public repo for CAP libraries.
Can anyone help with this?
I already implemented Policies on API Management that handle the CSRF token, but I do not think it is a good way for our case.
Thanks in advance Community,
Roc
Hello Roc,
We have introduced a new feature for remote services to address more advanced scenarios related to CSRF-token handling. We have provided an API allowing you to customize the HTTP method (the default is head) to fetch the CSRF token. The new API will be available in the upcoming release of CAP.
You can utilize the following parameters method and url in the configuration of your remote services:
```json
"cds": {
  "requires": {
    "API_BUSINESS_PARTNER": {
      "kind": "odata",
      "model": "srv/external/API_BUSINESS_PARTNER",
      "csrf": {
        "method": "get",
        "url": "..."
      }
    }
  }
}
```
Here's a breakdown of the customization options:
- method: Specifies the HTTP method for fetching the CSRF token. The default is set to head.
- url: Defines the URL for fetching the CSRF token. The default setting is the resource path without parameters.
For more detailed information, please consult the pull request documentation on GitHub at the following link:
feat(remote): advanced configurable CSRF token fetching
Thanks, and kind regards
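
As an added illustration (not part of either post and not the @sap/cds implementation), this sketch resolves the `csrf` setting with the defaults described in the answer and replays it against a constructed stand-in for an API proxy that exposes no HEAD resource. All function names, the resource path and the token value are assumptions made for the example.

```javascript
// Added illustration: NOT the @sap/cds implementation. All function names are hypothetical.

// Resolve a "csrf" setting (true or { method, url }) into the token-fetch request.
// Defaults follow the thread: method "head", url = resource path without parameters.
function csrfFetchRequest(csrf, resourcePath) {
  if (!csrf) return null; // CSRF handling disabled
  const opts = csrf === true ? {} : csrf;
  return {
    method: (opts.method || 'head').toUpperCase(),
    url: opts.url || resourcePath.split('?')[0],
    headers: { 'x-csrf-token': 'fetch' }, // SAP OData token request header
  };
}

// Constructed stand-in for an API proxy whose published resources expose no HEAD.
// Session cookies, which a real backend also ties to the token, are left out.
const EXPOSED = { '/A_BusinessPartner': ['GET', 'POST'] };
const TOKEN = 'constructed-token-123';
function gateway(req) {
  const allowed = EXPOSED[req.url];
  if (!allowed) return { status: 404, headers: {} };
  if (!allowed.includes(req.method)) return { status: 405, headers: {} };
  if ((req.headers['x-csrf-token'] || '').toLowerCase() === 'fetch')
    return { status: 200, headers: { 'x-csrf-token': TOKEN } };
  if (req.method === 'POST' && req.headers['x-csrf-token'] !== TOKEN)
    return { status: 403, headers: { 'x-csrf-token': 'required' } };
  return { status: req.method === 'POST' ? 201 : 200, headers: {} };
}

// Fetch a token with the given csrf setting, then attempt the modifying request.
function postWithCsrf(csrf, resourcePath) {
  const fetchReq = csrfFetchRequest(csrf, resourcePath);
  const fetchRes = fetchReq ? gateway(fetchReq) : { status: null, headers: {} };
  const token = fetchRes.headers['x-csrf-token'];
  const post = gateway({
    method: 'POST',
    url: resourcePath.split('?')[0],
    headers: token ? { 'x-csrf-token': token } : {},
  });
  return { fetchMethod: fetchReq && fetchReq.method, fetchStatus: fetchRes.status, postStatus: post.status };
}

console.log(postWithCsrf(true, '/A_BusinessPartner?$top=1'));              // HEAD default
console.log(postWithCsrf({ method: 'get' }, '/A_BusinessPartner?$top=1')); // GET override
```

With `"csrf": true` the token fetch is rejected before any token is issued, so the later POST is refused as well; with `"method": "get"` the same proxy hands out the token and the POST goes through.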
Hello Arley,
Love to hear that you have implemented it; I will be expecting this release.
You guys rock!!