I'm currently trying to set up a web-socket server on an SAP application server as a proof of concept. The application which is connecting to the web-socket server is not going to be a UI5 or WebDynpro application but just a middleware program running on a headless computer.
Following a quick guide, I've set up the push channel and I have an object with the interface methods ON_START, ON_MESSAGE, etc. I'm currently testing the interface using wscat, which you can get from npm.
When I tried connecting to my service for the first time using wscat, I was receiving an HTTP 500 error.
I wasn't sure why I was getting the 500 error, so I tried to access the URL via http and a web browser to see what was happening.
500 SAP Internal Server Error
ERROR: Cross-Site Request Forgery (XSRF) check has failed ! (termination: ABORT_MESSAGE_STATE)
I had seen these tokens also in use by Gateway services, so I had created a quick gateway service and sent a GET request with X-CSRF-Token: Fetch, except the token that I get from this doesn't work when I attempt to use the URI parameter sap-XSRF.
Going forward, I started to debug CL_APC_MANAGER function HANDLE_REQUEST to see if my request comes in at all. I also wanted to trace where the 500 error originates. I've managed to trace it back to CL_APC_MANAGER method CHECK_XSRF.
METHOD check_xsrf.
  DATA: lv_xsrf_token TYPE string.
*
* validate XSRF token
*
  lv_xsrf_token = i_server->request->get_form_field( name = if_http_form_fields_sap=>sap_xsrf ).
  IF lv_xsrf_token IS INITIAL.
    lv_xsrf_token = i_server->request->get_header_field( name = if_http_form_fields_sap=>sap_xsrf ).
  ENDIF.
  IF lv_xsrf_token IS INITIAL.
    r_successful = abap_false.
  ELSE.
    CALL METHOD i_server->validate_xsrf_token
      EXPORTING
        token                    = lv_xsrf_token
      IMPORTING
        successful               = r_successful
      EXCEPTIONS
        token_not_found          = 1
        cookie_not_found         = 2
        internal_error           = 3
        called_by_public_service = 4
        OTHERS                   = 5.
    IF sy-subrc <> 0 OR abap_false = r_successful.
      r_successful = abap_false.
    ELSE.
      r_successful = abap_true.
    ENDIF.
  ENDIF.
ENDMETHOD.
If I skip this check manually with the debugger, then I'm able to connect to my web-socket server without a problem.
However, I'm not sure at all how I'm actually supposed to get this token before attempting to connect. I noticed the XSRF tokens are saved in database table SECURITY_CONTEXT. The only problem is an entry is created in this table with the key I need to have after I attempt to connect. I need it before, and I'm not sure what the procedure is for retrieving a token properly.
Is there anybody with previous experience using these that can shed some light? Thanks in advance.
EDIT: I'm using Version 740 with Service Pack 4.
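An added client-side helper (not from the question or from SAP) that carries the result of the X-CSRF-Token: Fetch request into the WebSocket upgrade. It assumes, as the COOKIE_NOT_FOUND exception of validate_xsrf_token suggests, that the token is validated against the session cookies issued with it, so token and cookies have to travel together; the host, path, user and the wscat -H flag usage are placeholders/assumptions.

```python
"""Fetch an XSRF token and carry it, together with its session cookies,
into the WebSocket upgrade of an ABAP Push Channel endpoint."""
import base64
import urllib.request
from typing import Iterable, Tuple

Header = Tuple[str, str]


def extract_handshake(fetch_headers: Iterable[Header]) -> dict:
    """Pull the token and the session cookies out of the response headers
    of 'GET <service>' with 'X-CSRF-Token: Fetch'. CHECK_XSRF reads the
    token from the sap-XSRF form field or header and validates it against
    the session cookie, so both must be present on the upgrade request."""
    token = None
    cookies = []
    for name, value in fetch_headers:
        lname = name.lower()
        if lname == "x-csrf-token":
            token = value.strip()
        elif lname == "set-cookie":
            # keep only name=value; drop Path/Expires/HttpOnly attributes
            cookies.append(value.split(";", 1)[0].strip())
    if not token:
        raise ValueError("server returned no X-CSRF-Token header")
    return {"token": token, "cookie": "; ".join(cookies)}


def upgrade_headers(hs: dict) -> list:
    """Extra headers for the upgrade request, as wscat -H arguments."""
    args = ["-H", f"X-CSRF-Token: {hs['token']}"]
    if hs["cookie"]:
        args += ["-H", f"Cookie: {hs['cookie']}"]
    return args


def fetch_handshake(service_url: str, user: str, password: str) -> dict:
    """Run the fetch against a live system (network; not used by tests)."""
    req = urllib.request.Request(service_url, headers={"X-CSRF-Token": "Fetch"})
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req) as resp:
        return extract_handshake(resp.getheaders())


if __name__ == "__main__":
    # Placeholder host, path and credentials: replace with your own.
    hs = fetch_handshake("http://sap-host.example:8000/sap/bc/apc/sap/my_apc",
                         "USER", "PASSWORD")
    print("wscat -c ws://sap-host.example:8000/sap/bc/apc/sap/my_apc",
          *upgrade_headers(hs))
```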