Handling 'X-CSRF-Token' parameter in $http GET request followed by POST request to interface with cross domain (SAP).

767 views
Skip to first unread message

MSundaram S

unread,
Jul 17, 2014, 2:46:30 AM7/17/14
to ang...@googlegroups.com
Hello Angularites,

Good day!

I am beginner so excuse for this simple query.

Requirement:
Handling 'X-CSRF-Token' parameter in $http GET request followed by POST request to interface with cross domain (SAP System).

Query:

I am writing an Angular controller script to handle the cross domain $http request with SAP System. Though am successfully able to process the GET request and obtain data in JSON format, there is a need to obtain the 'X-CSRF-Token' value from response and use that token to pass in the input for POST request. But the token is missing in the output data.I have used 'Advanced REST Client' during testing when I provide the 'X-CSRF-Token' and 'Content-Type' values in headers as "Fetch" in GET request then only the token value ('X-CSRF-Token') comes the GET request response, that can be used for PUT request and both works. How to do include  'X-CSRF-Token' and 'Content-Type' values in my controller function?  I am just writing with simple view and a controller that triggers $http request. Could you please share your experience in this scenario with sample code. I have tried in different ways as below. But none of them returns token in the response. Even I have tried with 'ngcookies' and '$cookies' but it doesn't work itself (i think its irrelavant in this context).

......................
..............
serveApp.config(function ($httpProvider) {
    //Enable cross domain calls
    $httpProvider.defaults.useXDomain = true;
  $httpProvider.defaults.headers.post['x-csrf-token'] = "Fetch";
  $httpProvider.defaults.headers.post['Content-Type'] = "Fetch";
        });

......................
..............

alternatively as below
......................
..............
  var auth = $base64.encode($scope.CustDetails.userName+":"+$scope.CustDetails.password);              
        $http.defaults.headers.common['Authorization'] = 'Basic ' + auth;
 $http({
            method: "GET",
            url: baseURL,
            withCredentials  : true,
            "headers": {
                "xsrfHeaderName" : "Fetch",
                "Content-Type": 'Fetch'
                            }
              }).then(onGetcomplete, onGetError);
......................
......................
Regards,
Sundar.
Reply all
Reply to author
Forward
0 new messages