在将数据发布到odata服务时,CSRF令牌验证在nodejs中失败

时间:2016-11-24 14:29:00

标签: node.js post odata token csrf 

   var request = require('request');



                   username = "",
                   password = "",
                   url = "http://207.188.73.88:8000/sap/opu/odata/sap/ZTEE_TIME_SRV/ZTEERESERVESet(Time=time'PT11H00M00S',Date=datetime'2014-03-11T00%3A00%3A00',Location='TAJ',Number=3)",
                   auth = "Basic " + new Buffer(username + ":" + password).toString("base64");

我正在尝试将数据发布到odata服务,但问题是我无法从get服务获取有效令牌以在post方法中使用它我是第一次发送get方法

                        request(
                            {
                                url : url,

                                headers : {
                                    "Authorization" : auth,
                                    'x-csrf-token':'Fetch'

                                }

                            },
                            function (error, response, body) {
                                      //  console.log("JSON data " + response);
                                      // console.log("body" + body);

尝试获取要在帖子中使用的令牌                                           // console.log(response.headers); 

                                       request(
                            {
                                url : url,

                                 headers :  {

这里说无效令牌

                               "Authorization" : auth,
                                "X-CSRF-TOKEN":"u6piLO58XoK6udOkQ5Naww=="

                                },  
                        method: 'POST',
                        //Lets post the following key/values as form
                            form: {
                                    Time:'PT11H00M00S',

                                    Date:'2014-03-11T00%3A00%3A00',
                                    Location:'TAJ',
                                    Number:3 ,
                                        }

                            },
                            function (error, response, body) {
                                  console.log(body);     
                                }




                        );
                                }


                        );

1 个答案:

答案 0 :(得分:2)

我得到了解决方案。

我试图用POSTMAN做到这一点,它运行正常。 问题是,当我要求CSRF令牌时,它总是给我同样的回报。 但是当我尝试使用节点时,每次都是不同的。然后我意识到饼干丢失了。

就是这样,解决方案是至少在cookie次请求中发送POST

set-cookie请求的"Fetch"必须在Post请求旁边Cookie旁边x-csrf-token发送let headers = { "Authorization": "Basic " + new Buffer(username + ":" + password).toString("base64"), "Content-Type":"application/json", "Accept":"application/json", "x-csrf-token":"Fetch" // get CSRF Token for post or update }; // if you are using session vars if (req.session.headers && req.session.headers.cookie) { headers['Cookie'] = req.session.headers.cookie; } else { req.session.headers = {}; // initialize as object } let opts = { url: "https://{host}:{port}/sap/opu/odata/sap/MD_SUPPLIER_MASTER_SRV", qs: params1, // params set before, not set in the example headers: headers, json: true, } request(opts, (error: any, response: any, body: any): any => { if (!error && response.statusCode === 200) { if (response.headers["set-cookie"]) { req.session.headers.cookie = response.headers["set-cookie"]; // store Cookie in session headers['Cookie'] = req.session.headers.cookie; // set in headers for the next call. I guess this is the part you missed } if (response.headers['x-csrf-token']) { req.session.headers.csrf = response.headers['x-csrf-token']; // store csrf-token in session headers['x-csrf-token'] = req.session.headers.csrf; // set in headers for the next call } let options: request.Options = { url: "https://{host}:{port}/sap/opu/odata/sap/MD_SUPPLIER_MASTER_SRV/C_BusinessPartnerSupplierEdit", method: 'POST', headers: headers, qs: params2, // params set before json: true, } request(options, (error: any, response: any, body: any): any => { res.json(body); }); } });

我把这个例子放在打字稿中,但是在js中没有那么多变化,这个想法是一样的。

这个例子并不是最好的例子,但是要弄清楚它是如何工作的

ON_NEXT_RESUME

此致

相关问题
最新问题