Hello,
I would like to try to test the batching of operations, as described very well and in great detail in http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40546820-3ea7-2f10-dfab-be373c0da357?QuickLink=index&…
As suggested in this How-To, I use the Advanced REST client via Chrome. I succeed in fetching the CSRF-Token, but all attempts at using it, e.g. using the example in 5.3.1 Retrieval Query, cause the error 403 Forbidden. Calls by the web application designed for our project succeed.
Any hints from experienced users of this testing framework? An example of my attempts (with changed credentials/tokens/cookies) can be found below.
Kind regards,
Franz
Status
200 OK Show explanation Loading time: 780
Request headers
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Authorization: Basic 1111111=
X-CSRF-Token: Fetch
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: sap-usercontext=sap-client=001
Response headers
set-cookie: MYSAPSSO2=1111; path=/; domain=.mydomain.lan; secure; HttpOnly
set-cookie: SAP_SESSIONID_DUQ_001=22222; path=/; secure; HttpOnly
content-type: application/atomsvc+xml
content-length: 933
x-csrf-token: TOKEN==
sap-metadata-last-modified: Mon, 10 Aug 2015 09:04:49 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Tue, 03 Nov 2015 11:57:40 GMT
dataserviceversion: 2.0
Status
403 Forbidden Show explanation Loading time: 341
Request headers
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Origin: chrome-extension://xxxxxx
X-CSRF-Token: TOKEN==
Authorization: Basic 1111111=
Content-Type: mulitpart/mixed; boundary=batch
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: sap-usercontext=sap-client=001
Response headers
set-cookie: MYSAPSSO2=1111; path=/; domain=.mydomain.lan; secure; HttpOnly
set-cookie: SAP_SESSIONID_DUQ_001=22222; path=/; secure; HttpOnly
content-type: text/plain; charset=utf-8
content-length: 42
x-csrf-token: Required
Response:
Validation of CSRF token failed (Original: "Validierung des CSRF-Tokens fehlgeschlagen")
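
A check over the capture above, added as an example and not part of the original post: it compares what the token-fetch response issued with what the 403 request sent back. It assumes the server validates the CSRF token against the session that issued it; the header values are the redacted ones from the post, and the function names are hypothetical.

```python
# Added example. Header values are copied from the redacted capture in the post.
FETCH_RESPONSE = """\
set-cookie: MYSAPSSO2=1111; path=/; domain=.mydomain.lan; secure; HttpOnly
set-cookie: SAP_SESSIONID_DUQ_001=22222; path=/; secure; HttpOnly
x-csrf-token: TOKEN==
"""
BATCH_REQUEST = """\
X-CSRF-Token: TOKEN==
Authorization: Basic 1111111=
Content-Type: mulitpart/mixed; boundary=batch
Cookie: sap-usercontext=sap-client=001
"""

def parse_headers(raw):
    """Return (lower-cased name, value) pairs; repeated headers are kept."""
    pairs = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(fetch_response, follow_up_request):
    """Compare a token-fetch response with the request that reuses the token."""
    resp = parse_headers(fetch_response)
    req = parse_headers(follow_up_request)
    # Cookie name is the part before '=' in the first segment of each Set-Cookie.
    issued = {v.split(";", 1)[0].partition("=")[0].strip()
              for n, v in resp if n == "set-cookie"}
    sent = set()
    for n, v in req:
        if n == "cookie":
            sent |= {p.strip().partition("=")[0] for p in v.split(";") if "=" in p}
    token_issued = dict(resp).get("x-csrf-token")
    return {
        # Token header is echoed back unchanged.
        "token_replayed": token_issued is not None
                          and token_issued == dict(req).get("x-csrf-token"),
        # Cookies the server set that the follow-up request did not return.
        "missing_cookies": sorted(issued - sent),
        # OData $batch bodies are sent as multipart/mixed.
        "content_type_ok": dict(req).get("content-type", "").lower()
                           .startswith("multipart/mixed"),
    }

if __name__ == "__main__":
    print(audit(FETCH_RESPONSE, BATCH_REQUEST))
```

On this capture the token is replayed correctly, but neither cookie from the fetch response is returned, and the Content-Type value is not `multipart/mixed`.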