Channel: SCN : All Content - SAP Gateway

CSRF token validation failed in an OData / GW / SAPUI5 scenario


Hello experts!

We are encountering strange behavior in one of our developments, and I wonder if one of you can help me out:

 

On our development system (D) we set up a SAPUI5 application that communicates with our SAP backend system via a gateway. It consists of GET and UPDATE methods.

Everything went fine on our development system - we did not enable or disable any CSRF-parameters in the SICF-nodes... it just went fine!

 

Now, as we transferred our application to the quality system (Q), the CSRF token validation failed!

We have checked the network resources in the Chrome browser and in fact no token is returned!

At this point we started to amend a couple of things: we set the parameter ~CHECK_CSRF_TOKEN in our service and our BSP to '1', we explicitly request the token in the GET method and provide it at POST (but this does not work as we didn't get a token at all!), and we changed the service URL from HTTP to HTTPS. Nothing worked in Q but everything worked in D!

 

Now comes the funny thing:

For testing reasons we had entered user and pw credentials at the BSP in SICF. As we tried to figure out whether it could be an authorization problem, we removed the user and entered it directly in the Chrome prompt that popped up as the system requested the page, and then it works fine... even with the same user we entered at SICF!!!

 

Can anyone say anything about this?

Thanks a lot in advance!
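
The token handshake the post describes (request the token on a GET, send it back with the modifying request), as an added example that is not part of the original post. It runs against a constructed in-memory stub instead of a real gateway; the service name in the URL and all cookie and token values are made up, and the stub binds each token to a session cookie as an assumption about how the service behaves.

```javascript
// Added example: constructed stand-in for an OData service with CSRF protection.
// Cookie and token values are made up; the service name in SERVICE_URL is hypothetical.
const SERVICE_URL = "/sap/opu/odata/sap/ZEXAMPLE_SRV/Items('1')";

function makeGatewayStub() {
  const sessions = new Map(); // session cookie -> CSRF token issued for it
  let n = 0;
  return function send(req) {
    const h = req.headers || {};
    let sid = h["Cookie"];
    if (req.method === "GET") {
      if (h["X-CSRF-Token"] !== "Fetch") return { status: 200, headers: {} };
      if (!sessions.has(sid)) {
        sid = "SESSION=" + (++n);
        sessions.set(sid, "constructed-token-" + n);
      }
      return { status: 200, headers: { "X-CSRF-Token": sessions.get(sid), "Set-Cookie": sid } };
    }
    // Modifying request: the token must match the one bound to this session.
    const expected = sessions.get(sid);
    if (expected && h["X-CSRF-Token"] === expected) return { status: 204, headers: {} };
    return { status: 403, headers: { "X-CSRF-Token": "Required" } };
  };
}

// Step 1: ask for a token on a GET; fail loudly if the response carries none.
function fetchCsrfToken(send, url) {
  const res = send({ method: "GET", url, headers: { "X-CSRF-Token": "Fetch" } });
  const token = res.headers["X-CSRF-Token"];
  if (!token) throw new Error("GET " + url + " returned no X-CSRF-Token (HTTP " + res.status + ")");
  return { token, cookie: res.headers["Set-Cookie"] };
}

// Step 2: send the token and the session cookie from step 1 with the update.
function update(send, url, body, ctx) {
  const headers = { "X-CSRF-Token": ctx.token, "Cookie": ctx.cookie };
  return send({ method: "PUT", url, body, headers });
}

function demo() {
  const send = makeGatewayStub();
  const ctx = fetchCsrfToken(send, SERVICE_URL);
  return {
    withSession: update(send, SERVICE_URL, { Qty: 2 }, ctx).status,
    withoutCookie: update(send, SERVICE_URL, { Qty: 2 }, { token: ctx.token }).status,
  };
}
console.log(demo());
```

Checking for the token right after the GET surfaces a missing `X-CSRF-Token` response header at the fetch step, before any modifying request is sent.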

