feat(remote): advanced configurable CSRF token fetching for [email protected] (#…

…556) * feat(csrf): advanced configurable CSRF token fetching * WIP * Update node.js/remote-services.md * Update node.js/remote-services.md Co-authored-by: René Jeglinsky <[email protected]> * Update node.js/remote-services.md Co-authored-by: René Jeglinsky <[email protected]> * Update node.js/remote-services.md Co-authored-by: René Jeglinsky <[email protected]> * Update node.js/remote-services.md Co-authored-by: Johannes Vogel <[email protected]> --------- Co-authored-by: René Jeglinsky <[email protected]> Co-authored-by: Johannes Vogel <[email protected]>
cap-js · Dec 11, 2023 · 77caef4 · 77caef4
1 parent 8afb7a4
commit 77caef4
Showing 1 changed file with 30 additions and 1 deletion.
diff --git a/node.js/remote-services.md b/node.js/remote-services.md
@@ -34,7 +34,9 @@ Class `cds.RemoteService` is a service proxy class to consume remote services vi
 
 ### CSRF-Token Handling
 
-If the remote system you want to consume requires it, you can enable the new CSRF-token handling of `@sap-cloud-sdk/core` via configuration options: `csrf: true/false` and `csrfInBatch: true/false`. These options allow to configure CSRF-token handling for each remote service separately. Global configuration `cds.env.features.fetch_csrf = true` is deprecated.
+If the remote system you want to consume requires it, you can enable the new CSRF-token handling of `@sap-cloud-sdk/core` via configuration options `csrf` and `csrfInBatch`. These options allow to configure CSRF-token handling for each remote service separately.
+
+#### Basic Configuration
 
 ```json
 "cds": {
@@ -48,6 +50,33 @@ If the remote system you want to consume requires it, you can enable the new CSR
     }
 }
 ```
+
+In this example, CSRF handling is enabled for the `API_BUSINESS_PARTNER` service, for regular requests (`csrf: true`) and requests made within batch operations (`csrfInBatch: true`).
+
+#### Advanced Configuration
+
+Actually `csrf: true` is a convenient preset. If needed, you can further customize the CSRF-token handling with additional parameters:
+
+```json
+"cds": {
+    "requires": {
+        "API_BUSINESS_PARTNER": {
+            [...]
+            "csrf": {  // [!code focus]
+              "method": "get",  // [!code focus]
+              "url": "..."  // [!code focus]
+            }
+        }
+    }
+}
+```
+
+Here, the CSRF-token handling is customized at a more granular level:
+
+ - `method`: The HTTP method for fetching the CSRF token. The default is `head`.
+ - `url`: The URL for fetching the CSRF token. The default is the resource path without parameters.
+
+
 ::: tip
 See [Using Destinations](../guides/using-services#using-destinations) for more details on destination configuration.
 :::