I’m trying to call the POST method of a REST-API in our SAP system, however I can’t figure out a way to receive and send a CSRF-Token as is required using only a SmartObject. My goal is to confine the entire procedure to just a SmartObject without writing custom code that potentially needs to be maintained.
So far the biggest issue is not being able to filter through the header of the response I get when I send a GET request with x-csrf-token = fetch. As I also need to get a cookie for my post request, I can’t just grab the first line of the header (which is actually the csrf-token) and send it. I also can’t just copy the entire response header and send it, as the “cookie” variable in the response is actually called “set-cookie”.
I’ve tried disabling CSRF-validation in the backend and it does work. However I merely tried it for testing purposes and since it’s not recommended by SAP that’s not an option for me.
I thought maybe with an OData service instance it could work since it gives you options to repurpose the response header for your next request, but that also doesn’t quite do it.
Is there any way to make this happen without custom code or is there no feasible way to implement it like this in just a SmartObject?