Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Creating SalesQuoteItem for SalesQuote on C4C fails for technical user where no x-csrf-token is needed and C4C response with 500

See original GitHub issue

Hi, we generated standard c4c odata client for our C4C Cloud System and i can create some entities, but not all. As example we get error with creating SalesQuoteItem because cloud-sdk tries to get CSRF Token and C4C responds with 500.

Here our code:


   const SalesQuoteCollection = SalesQuote.requestBuilder();
   const SalesQuoteItemBuilder = SalesQuoteItem.builder();
   const SalesQuoteItemCollection = SalesQuoteItem.requestBuilder();

    const existingSalesQuote = await SalesQuoteCollection.getByKey(parentObjectId)
      .select(SalesQuote.OBJECT_ID)
      .execute(destination);

   console.log('existingSalesQuote:', existingSalesQuote);

    const newSalesQuoteItem = SalesQuoteItemBuilder.productInternalId(C4C_SALES_QUOTE_ITEM_PRODUCT_INTERNAL_ID)
      .processingTypeCode(C4C_SALES_QUOTE_ITEM_PROCESSING_TYPE_CODE)
      .zSalesQuoteFormattedTextKut('')
      .build();

    const query = SalesQuoteItemCollection.create(newSalesQuoteItem).asChildOf(existingSalesQuote, SalesQuote.SALES_QUOTE_ITEM);

    const result = await query.execute(destination).catch((err) => {
      console.log('Error:', err.message);
      console.log('Cause:', err.cause?.message);
      console.log('Root cause:', err.rootCause?.message);
      throw new Error(err);
    });

As result, we can get SalesQuote (check log below with ID:00163EAB5C8B1EEBA4F1F487709ACDDF), but creating SalesQuoteItem crash and event don’t do any https request. I tried to use Proxy to verify it:

[2021-04-08T13:52:07.987Z] WARN     (http-client): The custom headers are provided with the keys: authorization,content-type,accept. These keys will overwrite the headers created by the SDK.
[2021-04-08T13:52:07.987Z] WARN     (authorization-header): Found custom authorization headers. The given destination also provides authorization headers. This might be unintended. The custom headers from the request config will be used.
[2021-04-08T13:52:08.834Z] WARN     (response-data-accessor): The given reponse data has the format for collections instead of the standard OData v2 format for single results.
existingSalesQuote: SalesQuote { objectId: '00163EAB5C8B1EEBA4F1F487709ACDDF' }
[2021-04-08T13:52:08.842Z] WARN     (http-client): The custom headers are provided with the keys: x-csrf-token,authorization. These keys will overwrite the headers created by the SDK.
[2021-04-08T13:52:08.842Z] WARN     (authorization-header): Found custom authorization headers. The given destination also provides authorization headers. This might be unintended. The custom headers from the request config will be used.
[2021-04-08T13:52:09.293Z] ERROR    (csrf-token-header): ErrorWithCause: Initial try to fetch CSRF token failed - retry without slash at 
    at new ErrorWithCause (node_modules/@sap-cloud-sdk/util/src/error-with-cause.ts:13:5)
    at node_modules/@sap-cloud-sdk/core/src/connectivity/scp-cf/csrf-token-header.ts:62:9
    at processTicksAndRejections (node:internal/process/task_queues:94:5)
Caused by:
Error: Request failed with status code 500
    at createError (node_modules/axios/lib/core/createError.js:16:15)
    at settle (node_modules/axios/lib/core/settle.js:17:12)
    at IncomingMessage.handleStreamEnd (/node_modules/axios/lib/adapters/http.js:260:11)
    at IncomingMessage.emit (node:events:381:22)
    at endReadableNT (node:internal/streams/readable:1307:12)
    at processTicksAndRejections (node:internal/process/task_queues:81:21)
[2021-04-08T13:52:09.294Z] WARN     (http-client): The custom headers are provided with the keys: x-csrf-token,authorization. These keys will overwrite the headers created by the SDK.
[2021-04-08T13:52:09.294Z] WARN     (authorization-header): Found custom authorization headers. The given destination also provides authorization headers. This might be unintended. The custom headers from the request config will be used.
Error: Create request failed!
Cause: Constructing headers for OData request failed!
Root cause: Request failed with status code 500

Here what it tries to do:

image

And here Query with 500:

image

So, it tries twice get Token. Redirect issue comes from some workarround for axios and don’t cause problems. But after second request get 500 as response it send back undefined as headers and crash. There is allowed way to work with C4C without X-CSRF Token. Please give me some idea how to set request ?

Also related Block for C4C with technical user: https://blogs.sap.com/2020/10/24/no-need-for-csrf-token-when-calling-c4c-odata/

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

2reactions
jjtang1985commented, Apr 8, 2021

Hi @nazarkulyk,

thank you for your answer.

Since this is not blocking your current development, I’ll mark it as medium priority and hopefully we can work on it next week.

Could you please also try the canary version of the sdk core, which contains an improvement so the SDK will make a real request (create request) without the csrf token when the csrf token fetching request fails?

1reaction
jjtang1985commented, Apr 19, 2021

Hi all, now you are able to skip fetching the csrf token by using our new feature. Here is an example:

 BusinessPartner.requestBuilder()
   .update(businessPartner)
   .skipCsrfTokenFetching();

By doing so, it will improve the performance of non-GET requests, since the unnecessary token requests will be skipped.

Please note, the feature is currently available in the canary version and will be released in the next minor version.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Sales Quote error in C4C - SAP Community
When we create a sales quote in C4C and save, it is Opening and not getting any error. The replicated ones (sales contract)...
Read more >
CSRF token validation failed - SAP Business Application ...
Debugging a CAP + Cloud SDK app in BAS using a destination with type on-premise fails with "CSRF Token validation failed" (OData read/select ......
Read more >
Connecting to SAP Cloud for Customer from a Mobile App ...
I came up with the idea of an app that enables customers to view and create service requests in the Cloud for Customer...
Read more >
SAP C4C Interview Questions and Answers - myTectra
Explain key objectives? Ans:SAP Cloud for customer C4C is a cloud solution to efficiently manage customer sales, customer service and marketing ...
Read more >
SAP Sales Cloud - OData API POST Request for creating
With SAP Sales Cloud - Cloud 4 Customer - C4C POST request it is possible ... The x‑csrf token is the most important...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Failed to fetch instance destinations. (Timed out after 10000ms)

Next page

One-to-one navigation properties with value null