public class CSRFTokenObserver : SAPURLSessionObserving

This observer is responsible to set the required X-CSRF-Token header for communication with services exposed by SAPcpms. To enable this functionality you need to register this observer to an SAPURLSession instance. For token storing the CSRFTokenStoring protocol is used.

This is an example for a basic usage of this observer if you have one root URL for every CSRF token request: The rootUrl parameter is the URL from which the CSRF token will be requested.

let urlSession: SAPURLSession = <#SAPURLSession instance#>
let rootUrl: URL = <#your root URL#>

let csrfTokenObserver = CSRFTokenObserver(rootUrl: rootUrl)

If you have multiple CSRF protected backends and these backends accept different CSRF tokens you must implement CSRFTokenURLProviding protocol to provide CSRF URL for different request URL’s. For token storing the CSRFTokenStoring protocol is used.

class myCSRFTokenURLProvider: CSRFTokenURLProviding {        
    func csrfTokenURL(for: URL) -> URL {
        // implement custom logic to create token URL from the request URL
        // ...
        return <#token URL#>

let csrfTokenObserver = CSRFTokenObserver(tokenUrlProvider: myCSRFTokenURLProvider, tokenStore: myCSRFTokenStore)