Closed a-thaler closed 1 year ago
This issue or PR has been automatically marked as stale due to the lack of recent activity. Thank you for your contributions.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
If you think that I work incorrectly, kindly raise an issue with the problem.
/lifecycle stale
Not much traction on the project anymore, so very unlikely that it will happen
There are ODATA APIs protected with CRSF. For that you need to assure that the relevant CRSF data returned on the first call of a user session are used in subsequent calls as well
Details: On the first request of a session you need to fetch a token by setting 'X-csrf-token': 'fetch' request header. In consequence, you need to store the returned token and cookie from the token response headers ('x-csrf-token', 'set-cookie')
Any subsequent call the token and the cookies must be provided, otherwise a 4xx error must be retuened: 'X-csrf-token': '$TOKEN' 'cookie' : $COOKIE'
See also https://github.com/kyma-project/kyma/issues/2852
AC: The odata-mock will support fetching token and cookie and will do validation of them on incoming requests.