- The SAP Mobile Platform (SMP) client application correctly obtains the CSRF token from an HTTP GET request sent with the header X-CSRF-TOKEN: FETCH.
- When the HTTP GET request with the X-CSRF-TOKEN header is sent via the load balancer multiple times, it returns multiple X-CSRF-TOKEN values.
- The issue is not reproducible if SMP is set to communicate with only one NetWeaver Gateway (without going via the load balancer).
- NetWeaver Gateway responds with an "HTTP 403 CSRF token validation failed" to an HTTP POST request that carries the latest X-CSRF-TOKEN returned from an HTTP GET request. The response from the NetWeaver Gateway looks like the one below:
HTTP/1.1 403 Forbidden
content-type: text/plain; charset=utf-8
server: SAP NetWeaver Application Server / ABAP 731
CSRF token validation failed
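
A small model of the symptom above, added here as an illustration and not taken from the SAP article. It assumes each gateway node issues and validates its own CSRF token per client session and that the load balancer alternates nodes without session affinity; `GatewayNode`, `RoundRobinBalancer` and `run_client` are hypothetical names.

```python
import itertools
import secrets


class GatewayNode:
    """Hypothetical gateway node: one CSRF token per client session (assumption)."""

    def __init__(self, name):
        self.name = name
        self.tokens = {}  # session id -> token issued by THIS node only

    def handle(self, method, headers, session_id):
        if method == "GET" and headers.get("X-CSRF-TOKEN", "").upper() == "FETCH":
            # Re-use the token already bound to this session on this node.
            token = self.tokens.setdefault(session_id, secrets.token_urlsafe(16))
            return 200, {"X-CSRF-TOKEN": token}, ""
        if method == "POST":
            expected = self.tokens.get(session_id)
            sent = headers.get("X-CSRF-TOKEN", "")
            if expected is None or not secrets.compare_digest(expected, sent):
                return 403, {}, "CSRF token validation failed"
            return 201, {}, ""
        return 405, {}, ""


class RoundRobinBalancer:
    """Hypothetical load balancer with no session affinity."""

    def __init__(self, nodes):
        self._nodes = itertools.cycle(nodes)

    def handle(self, method, headers, session_id):
        return next(self._nodes).handle(method, headers, session_id)


def run_client(front, fetches=3, session_id="constructed-session"):
    """Fetch the token `fetches` times, then POST with the latest one."""
    tokens = []
    for _ in range(fetches):
        _, hdrs, _ = front.handle("GET", {"X-CSRF-TOKEN": "FETCH"}, session_id)
        tokens.append(hdrs["X-CSRF-TOKEN"])
    status, _, body = front.handle("POST", {"X-CSRF-TOKEN": tokens[-1]}, session_id)
    return tokens, status, body


if __name__ == "__main__":
    lb = RoundRobinBalancer([GatewayNode("gw1"), GatewayNode("gw2")])
    print("via load balancer:", run_client(lb)[1:])
    print("single gateway:   ", run_client(GatewayNode("gw1"))[1:])
```

In this model the POST lands on the node that did not issue the latest token, which reproduces the 403; pointed at a single node, the same client gets one stable token and the POST is accepted.
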
- Sybase Unwired Platform 2.2.x / SAP Mobile Platform 2.3.x-3.0.x
- OData application type
- All Supported Mobile Operating Systems
Load Balancer third party, KBA, MOB-SUP-ODP, Sybase Unwired Platform Online Data Proxy, Problem