For transactional apps, the client can issue the following types of requests to the ABAP front-end server:
HTML requests
OData requests
For communication between the client and the ABAP front-end server, an HTTPS connection is established.
To set up the connections between SAP Web Dispatcher and the ABAP servers, you must make the following settings:
You must configure HTTP security session management for the ABAP front-end server.
You must configure the ABAP front-end server for supporting SSL.
Note
If you implement SAP Fiori transactional apps in an internet-facing scenario, SAP recommends that you deploy SAP Web Dispatcher in a demilitarized zone (DMZ). For more information, see Internet-Facing Deployment.
To ensure confidentiality and integrity of data, SAP recommends protecting HTTP connections by using Transport Layer Security (TLS) or Secure Sockets Layer (SSL). For information about setting up communication encryption for SAP NetWeaver, see the following documentation:
For SAP NetWeaver 7.31, see the SAP Help Portal at
.For SAP NetWeaver 7.4, see the SAP Help Portal at
.Note
A token-based protection against Cross-Side Request Forgery (CSRF) is active by default in SAP Gateway and SAP HANA XS Fiori OData services. It protects all modifying requests.