8
Cookie header is not sent
planned
O
Ondřej Nekvinda
Hi, I am trying to set http header “Cookie” with the value "B1SESSION=xxxxxx", but in the chrome debug console this request is shown without any cookies. Every other header is sent as expected.
This functionality is needed for SAP Business One Service Layer session verification, as I am required to send cookie B1SESSION to the service.
Forum post:
Regards,
Ondrej Nekvinda
Log In
J
Jere Robles
Hi,
For security reasons, websites are not allowed to set cookies for domains other than their own, meaning that manually injecting cookies into the request is just not possible. This is not a limitation with AppGyver, it is how browsers are designed to function.
The technical solution would be to allow setting credentials: you would need to do a separate request (for example to /login endpoint) for which the response has a Set-Cookie header, and allow the browser to handle the cookies.
Now, there seem to be two issues at hand.
First is that by default, browsers will prevent requests made from a website to a third party from setting cookies[1]. This is configurable but at the moment AppGyver does not expose a way of changing this setting. We are however analyzing the best way to enable this across the product.
Secondly, even if the setting mentioned above is enabled, the server needs to whitelist the domain from which the request originated in order to comply with CORS rules[2]. This is controlled by the server and AppGyver has no way of influencing it.
However, in order to consume SAP APIs it is highly recommended that you use the official integration that enable to connect your apps with SAP BTP Destinations[3].
Follow the steps in this guide to create a SAP BTP Account and connect Destinations with AppGyver: https://docs.appgyver.com/docs/btp
Kind regards,
Jere
K
Kirill Leventcov
planned
The following issue has been re-directed to the development team.
V
Valter de Brito
Kirill Leventcov: Any news on the subject? Any video or manual on how to solve this?
K
Kirill Leventcov
Valter de Brito:
Please see the response above. There is currently no fix, as the issue is cased by external systems, not AppGyver.
O
Ondřej Nekvinda
Hello, please look into this issue.
O
Ondřej Nekvinda
Hi, any news regarding this issue? Its under review since September.
T
Timo Kapanen
under review
L
Luca Brescancin
Hi to all,
I have same problem with REST API direct integration: I have to send back to the server a cookie with a tokenId inside but it is impossible to send cookie header. If I investigate with code inspector on chrome I find no cookie on request headers.
body response is:
"ReactiveMyQttWebInterface.HomeController: Unable to start request for service: /pull, no cookie configured (header tokenId). You'll will have to logout and login"
I've tried also to use a raw HTTP request with same result.
Obviusly, if I try to use service to make a REST API online (like reqbin) with correct cookie works perfectly.
Regards
Luca Brescancin