I worked with Ed on this one through a support ticket. The 403 errors were due to CSRF protections on the microservice, as the service was then expecting a CSRF token for the POST request. To allow the call to work, it was necessary to modify the code a bit to retrieve a CSRF token from /casManagement via a HEAD request, and then include it on the subsequent POST request to the same endpoint. The code snippet added was below.
const csrfResponse = await fetch('/casManagement', {
method: 'HEAD'
});
// Test the fetch response
if (!csrfResponse.ok) {
const message = `Fetch error with status code: ${csrfResponse.status}`;
throw new Error(message);
}
var csrfToken = csrfResponse.headers.get("X-CSRF-TOKEN");
// Define request header object
var reqHeader = new Headers();
reqHeader.append("Authorization", "Bearer " + accessToken);
reqHeader.append("Content-Type", "application/vnd.sas.cas.session+json");
reqHeader.append("Accept", "application/vnd.sas.cas.session+json");
reqHeader.append("X-CSRF-TOKEN", csrfToken );
// Fetch the session id with a valid access token
try {
const response = await fetch('/casManagement/servers/cas-shared-default/sessions', {
method: 'POST',
headers: reqHeader,
redirect: 'follow'
});
......
... View more