How To Fix WEBDYNPRO_RT025 - Commit canceled; request is not XSRF-checked


SAP Error Message - Details

  • Message type: E = Error

  • Message class: WEBDYNPRO_RT - Message class of Web Dynpro runtime

  • Message number: 025

  • Message text: Commit canceled; request is not XSRF-checked

  • What causes this issue?

    The active request could not be checked against XSRF attacks. The
    application attempted anyway to execute a commit work to the database.

    System Response

    The Web Dynpro ABAP framework interrupts the commit work with an error
    message.

    How to fix this error?

    When changes are made to the database, ensure that the request can be
    checked against XSRF beforehand. With stateless applications this can be
    done by using method POST-UPDATE for the Form UI element. This ensures
    that relevant security features can be assigned for the request.

    Procedure for System Administrators

    The system issues an error message and will not allow you to continue with this transaction until the error is resolved.


    Error message extract from SAP system. Copyright SAP SE.


Smart SAP Assistant

  • What is the cause and solution for SAP error message WEBDYNPRO_RT025 - Commit canceled; request is not XSRF-checked?

    The SAP error message:

    WEBDYNPRO_RT025 Commit canceled; request is not XSRF-checked


    Cause

    This error occurs in SAP Web Dynpro applications when a commit operation is attempted but the HTTP request has not passed the XSRF (Cross-Site Request Forgery) token check. SAP Web Dynpro uses XSRF tokens to protect against CSRF attacks by ensuring that state-changing requests (like commits) come from a trusted source.

    If the request does not contain a valid XSRF token or the token is missing/invalid, the framework cancels the commit to prevent potential security risks.


    Explanation

    • XSRF Token: A security token generated by the server and sent to the client. The client must send it back with any state-changing requests.
    • Commit operation: When the application tries to save or update data in the backend.
    • If the token is missing or invalid, the framework raises this error to prevent unauthorized or forged requests.

    Solution

    1. Ensure XSRF Token is Requested and Sent Properly

      • When making state-changing calls (POST, PUT, DELETE), the client must first request an XSRF token from the server.
      • The token is usually retrieved by sending a GET request with the header:
        X-CSRF-Token: Fetch
      • The server responds with a token in the response header:
        X-CSRF-Token: <token_value>
      • The client must then include this token in the header of subsequent state-changing requests:
        X-CSRF-Token: <token_value>

    2. In Web Dynpro ABAP

      • If you are developing or customizing Web Dynpro applications, ensure that the framework or your code properly handles the XSRF token.
      • Use the standard Web Dynpro APIs to handle commit operations, which internally manage XSRF tokens.
      • Avoid manual commit calls without proper token handling.

    3. Check for Custom Code or Extensions

      • If you have custom code or enhancements that perform HTTP requests or commits, verify that they correctly handle the XSRF token.
      • For example, in custom JavaScript or AJAX calls, implement the token fetch and send logic.

    4. SAP Notes and Patches

      • Check for relevant SAP Notes that might address bugs or improvements related to XSRF token handling in your SAP NetWeaver or Web Dynpro version.
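
The token fetch-and-send flow from step 1, written as the custom JavaScript that step 3 refers to (an added example, not code from SAP or from this page). The service URL and the in-memory mock server are constructed so the block runs offline, and the single retry assumes the server rejects a stale token with HTTP 403 and `X-CSRF-Token: Required`.

```javascript
// Added example: client-side X-CSRF-Token handling for custom AJAX calls.
// SERVICE_URL and the mock server below are constructed for illustration.
const SERVICE_URL = "/sap/example/service"; // hypothetical endpoint

function createCsrfClient(fetchImpl) {
  let token = null; // kept in memory for the session only, never persisted

  async function fetchToken() {
    const res = await fetchImpl(SERVICE_URL, {
      method: "GET",
      headers: { "X-CSRF-Token": "Fetch" },
      credentials: "same-origin", // the token is bound to the session cookie
    });
    token = res.headers.get("X-CSRF-Token");
    if (!token) throw new Error("server returned no X-CSRF-Token");
  }

  // Send a state-changing request; refetch the token once if it is rejected.
  return async function send(method, body) {
    if (!token) await fetchToken();
    for (let attempt = 0; attempt < 2; attempt++) {
      const res = await fetchImpl(SERVICE_URL, {
        method, body,
        headers: { "X-CSRF-Token": token },
        credentials: "same-origin",
      });
      const rejected = res.status === 403 &&
        (res.headers.get("X-CSRF-Token") || "").toLowerCase() === "required";
      if (!rejected) return res.status;
      await fetchToken(); // token expired with the session: get a fresh one
    }
    return 403;
  };
}

// Constructed stand-in for the server so the example runs offline.
function createMockServer() {
  const state = { valid: "tok-1", n: 1, commits: 0 };
  const reply = (status, t) => ({ status, headers: new Map([["X-CSRF-Token", t]]) });
  state.fetch = async (_url, req) => {
    const sent = req.headers["X-CSRF-Token"];
    if (req.method === "GET") return reply(200, sent === "Fetch" ? state.valid : "");
    if (sent !== state.valid) return reply(403, "Required");
    state.commits++; // the change is applied only for a request with a valid token
    return reply(204, "");
  };
  state.expire = () => { state.valid = "tok-" + (++state.n); };
  return state;
}
```

In a browser, `createCsrfClient(fetch)` uses the real transport; the mock only exists to show that a request without the current token never reaches the commit.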

    Related Information

    • SAP Help on XSRF Protection:
      SAP Help Portal - XSRF Protection

    • SAP Community Discussions:
      Search for "WEBDYNPRO_RT025" or "XSRF token commit canceled" for community solutions and examples.

    • Web Dynpro ABAP Programming Model:
      Ensure you follow the recommended patterns for commit and transaction handling.


    Summary

    Aspect     | Description
    -----------|------------
    Cause      | Commit canceled because the HTTP request lacks a valid XSRF token (security check failed).
    Effect     | Data changes are not saved; error message WEBDYNPRO_RT025 is raised.
    Solution   | Ensure the client fetches and sends the XSRF token with commit requests; fix custom code.
    Prevention | Use standard Web Dynpro APIs and follow SAP security guidelines for XSRF protection.
