restlet / restlet-framework-java

The first REST API framework for Java
https://restlet.talend.com
646 stars 284 forks

OData. Can't set odata csrf token #1223

Open tbw777 opened 8 years ago

tbw777 commented 8 years ago

Version 2.3.7, OData, SAP.

Can't set the OData CSRF token and cookies for the generated service. I haven't found an answer for a long time on the internet or in the code.

For CSRF I also tried (without result in the sniffer):

import java.util.HashMap;
import java.util.Map;

import org.restlet.data.Header;
import org.restlet.resource.ClientResource;
import org.restlet.util.Series;

// `service` is the generated OData service instance
ClientResource resource = service.createResource("/LoQmHeaderSet");

// Attempt 1: resource attribute
resource.setAttribute("X-CSRF-Token", "Fetch");

// Attempt 2: replace the request attribute map
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("X-CSRF-Token", "Fetch");
resource.getRequest().setAttributes(attributes);

// Attempt 3: add to the existing request attribute map
resource.getRequest().getAttributes().put("X-CSRF-Token", "Fetch");

// Attempt 4: the raw header series stored under "org.restlet.http.headers"
@SuppressWarnings("unchecked")
Series<Header> headers = (Series<Header>) resource.getRequestAttributes().get(
        "org.restlet.http.headers");
if (headers == null) {
    headers = new Series<Header>(Header.class);
    // store the new series back, otherwise the header is never attached to the request
    resource.getRequestAttributes().put("org.restlet.http.headers", headers);
}
headers.add("X-CSRF-Token", "Fetch");

Also, Restlet always requests the root XML without authorization. How to fix this?

But I want it to be set at service construction (with "X-Csrf-Token: Fetch") and cookies too.

I get a 403 error without the token and (!) cookie.

UPD. The token can change unpredictably for different URLs.

thboileau commented 8 years ago

Hello @AndrewBryukhov, I've updated the 2.3 branch (will be part of 2.3.8). With the fix, I'm able to use this code with no error:

import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.resource.ClientResource;

// generated OData service class
AndrewService service = new AndrewService();
service.setCredentials(new ChallengeResponse(ChallengeScheme.HTTP_BASIC, "login", "password"));

ClientResource resource = service.createResource("/LoQmHeaderSet");
// request headers are now reachable directly on the request
resource.getRequest().getHeaders().add("X-CSRF-Token", "Fetch");
resource.get().write(System.out);

If you want to use cookies, you can memorize them from the first call, then reuse them later:

import org.restlet.data.Cookie;
import org.restlet.data.CookieSetting;
import org.restlet.util.Series;

// collect the Set-Cookie values returned by the first response
Series<Cookie> cookies = new Series<Cookie>(Cookie.class);
for (CookieSetting cookieSetting : resource.getCookieSettings()) {
    cookies.add(cookieSetting.getName(), cookieSetting.getValue());
}

// then reuse them on the next request
resource.setCookies(cookies);
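Putting the two halves of this answer together as one fetch-then-use round trip, as an added example that is not part of the Restlet project or this thread: the `CsrfSession` class, its method names and the check for a `Required` reply are assumptions; the calls it relies on are the `ClientResource` ones shown above plus the standard Restlet 2.3 API. The point for a client implementer is that the token issued on the Fetch call is bound to the session cookies issued on that same response, so both must be replayed together on the modifying request, and a 403 means the pair is no longer valid and has to be fetched again.

```java
import org.restlet.data.Cookie;
import org.restlet.data.CookieSetting;
import org.restlet.data.Header;
import org.restlet.data.Status;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
import org.restlet.resource.ResourceException;
import org.restlet.util.Series;
/** Token plus the session cookies it was issued with (hypothetical helper, not a Restlet class). */
public final class CsrfSession {
    public final String token;
    public final Series<Cookie> cookies;

    private CsrfSession(String token, Series<Cookie> cookies) {
        this.token = token;
        this.cookies = cookies;
    }
    /** Step 1: safe GET with "X-CSRF-Token: Fetch"; the server answers with the token and Set-Cookie. */
    public static CsrfSession fetch(ClientResource resource) {
        resource.getRequest().getHeaders().add("X-CSRF-Token", "Fetch");
        resource.get(); // read-only call; throws ResourceException on 401/403
        Series<Header> respHeaders = resource.getResponse().getHeaders();
        String token = respHeaders.getFirstValue("X-CSRF-Token", true);
        // SAP Gateway answers "Required" instead of a token when the Fetch was not honoured (assumption)
        if (token == null || "Required".equalsIgnoreCase(token)) {
            throw new IllegalStateException("no CSRF token issued, status " + resource.getStatus());
        }
        // Keep the cookies from the same response: the token is only valid for this session
        Series<Cookie> cookies = new Series<Cookie>(Cookie.class);
        for (CookieSetting cs : resource.getCookieSettings()) {
            cookies.add(cs.getName(), cs.getValue());
        }
        return new CsrfSession(token, cookies);
    }

    /** Step 2: replay token and cookies together on a modifying request. */
    public Representation post(ClientResource target, Representation body) {
        target.getRequest().getHeaders().add("X-CSRF-Token", token);
        target.setCookies(cookies);
        try {
            return target.post(body);
        } catch (ResourceException e) {
            if (Status.CLIENT_ERROR_FORBIDDEN.equals(e.getStatus())) {
                throw new IllegalStateException("403: token/cookie pair rejected, call fetch() again", e);
            }
            throw e;
        }
    }
}
```

Call `fetch()` on a `ClientResource` obtained from `service.createResource(...)` with credentials set as in the snippet above, then `post()` through a second resource created from the same service.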

tbw777 commented 8 years ago

Great. I found in the HTTP sniffer that the first request (after service construction) always returns 401 (if auth is needed).