CSRF Protect in processor

Go to solution
RatneshTSN
Giga Guru

‎12-16-2017 06:02 AM

Do anyone know, how to use in CSRF token in processor.

I have created processor & I want to explore *CSRF protect* option.

If I make it active, how it will be called, I am not finding any help in servicenow docs, or any online posts

Here is what I check or tried

1. Checked the sys_properties, it is true

find_real_file.png

2. Enable it on processor

find_real_file.png

3. Access it, getting 401, unauthorized

find_real_file.png

4. Without CSRF enable, its working fine

find_real_file.png

5. How I can pass CSRF token to the URL, first thing I want to understand where it is set in system & its working.

Any help would be great.

Thanks, in advance.

Preview file
81 KB
Preview file
49 KB
Preview file
26 KB
Preview file
6 KB
0 Helpfuls
  • 3,125 Views
1 ACCEPTED SOLUTION

Go to solution
Ravish Rawat
ServiceNow Employee
ServiceNow Employee
In response to RatneshTSN

‎01-16-2019 11:59 AM

Hi Ratnesh,

Got it working. Here is the solution

pass the parameter 'sysparm_ck' in the url and use gs.getSessionToken() to set the value. if you are using the scoped application you should use the alternative of gs.getSessionToken() which you can find in the API section.

 

Something like

https://yourinstance.service-now.com/test?sysparm_ck=ef7694294f07230038663cb28110c7cfe7008b31e34a74257593facbc10c901510bca07f

View solution in original post

5 REPLIES 5

Go to solution
Ravish Rawat
ServiceNow Employee
ServiceNow Employee
In response to RatneshTSN

‎01-16-2019 11:59 AM

Hi Ratnesh,

Got it working. Here is the solution

pass the parameter 'sysparm_ck' in the url and use gs.getSessionToken() to set the value. if you are using the scoped application you should use the alternative of gs.getSessionToken() which you can find in the API section.

 

Something like

https://yourinstance.service-now.com/test?sysparm_ck=ef7694294f07230038663cb28110c7cfe7008b31e34a74257593facbc10c901510bca07f