Solution : https://service.sap.com/sap/support/notes/1509214 (SAP Service marketplace login required)
Key words :
jsp</action-details-location> </xsrf-pages-config> <request-encoding>iso-8859-1</request-encoding> <regenerate-xsrf-token>login</regenerate-xsrf-token></xsrf-config>4 change jsp files4, sap</xsrf-url-pattern> <protected-http-method>post</protected-http-method> </xsrf-url-constraint> <xsrf-pages-config> <verification-page-location server-root-relative=, jsp</verification-page-location> <error-page-location server-root-relative=, jsp</captcha-location> <action-details-location server-root-relative=, jsp</error-page-location> <captcha-location server-root-relative=, > tc~je~xsrf~lib </reference-target></reference>3 add xsrf-config, > tc~je~webcontainer~public~api </reference-target></reference>, xsrf sda tc~je~xsrf~lib, \usr\sap\w08\jc93\j2ee\configtool ps, affected sap delivered jsp pages
Related Notes :
1597549 | Unauthorized modification of displayed content in FSCM_BD |
1537670 | Unauthorized usage of application functionality in FSCM_BD |
1516177 | XSRFJava:Adopt API-PSI Utility Customer E-Services |
1515190 | Composite SAP Note: Security of SAP Biller Direct |
1450166 | Unauthorized usage of application functionality |