我正在嘗試對(duì) SAP Hybris C4C 實(shí)體執(zhí)行 POST 操作。我發(fā)現(xiàn)很多博客都提到我們需要在 POST 期間發(fā)送 X-CSRF-Token，它可以首先使用 GET 操作檢索。我使用 Postman 成功地做到了這一點(diǎn)。因?yàn)?Postman 存儲(chǔ) cookie 不會(huì)導(dǎo)致 CSRF 令牌驗(yàn)證失敗。但是，我實(shí)際上想用 golang 來調(diào)用它。而且我每次都收到錯(cuò)誤，因?yàn)椤癈SRF 令牌驗(yàn)證失敗”。然后在瀏覽了很多博客之后，我發(fā)現(xiàn)我們不僅要設(shè)置 X-CSRF-Token，還要設(shè)置 Cookie，這樣 HTTP POST 就不會(huì)被視為新會(huì)話。否則我們發(fā)送的 csrf 令牌與當(dāng)前會(huì)話不匹配導(dǎo)致錯(cuò)誤。即使在遵循以上兩條線索之后，我仍然遇到錯(cuò)誤。下面是代碼片段，我不確定還缺少什么。代碼片段：auth := "******:*****"basicAuth := base64.StdEncoding.EncodeToString([]byte(auth))geturl := "https://******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi"req, _ := http.NewRequest("GET", geturl, nil)req.Header.Set("Authorization", "Basic "+basicAuth)req.Header.Set("X-Csrf-Token", "Fetch")cli := &http.Client{}res, _ := cli.Do(req)inputMap := make(map[string]interface{})inputMap["PriorityCodeText"] = "Normal"inputJSON, _ := json.Marshal(inputMap)url := "https://*******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi/OpportunityCollection"request, _ := http.NewRequest("POST", url, bytes.NewBuffer(inputJSON))request.Header.Set("Authorization", "Basic "+basicAuth)request.Header.Set("X-Csrf-Token", res.Header.Get("X-Csrf-Token"))request.Header.Set("Cookie", res.Header.Get("Set-Cookie"))request.Header.Set("X-Requested-With", "XMLHttpRequest")request.Header.Set("Content-Type", "application/atomsvc+xml")request.Header.Set("DataServiceVersion", "2.0")//request.Header.Set("Accept", "application/atom+xml")client := &http.Client{}resp, _ := client.Do(request)fmt.Printf("Response status code is: %d", resp.StatusCode)jsonResponseData, _ := ioutil.ReadAll(resp.Body)fmt.Printf("Response is: %s", jsonResponseData)