Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to fix Google Chrome SameSite Cookie issue with SAC and HANA XS

Ian_Henry
Product and Topic Expert
Product and Topic Expert
‎08-26-2020 10:37 AM
In this blogpost I will describe the steps to fix the Chrome SameSite Cookie issue that can occur with SAP Analytics Cloud and HANA Live Connections using the XS Engine on premise.

I am using Google Chrome 84 and the SameSite Cookie change has come into effect, which prevented a number of my dashboards from rendering.

The impact of this is that you maybe your SAC dashboards aren't loading, perhaps you're seeing these error messages.
Http Status: 403 Forbidden



Error Protocol (#50) Cannot fetch csrf token from server

 

Chrome Developer Tools has a new "Issues" tab where we can identify these problems.


Figure 1: Chrome Developer Tools, Issues


Samesite cookies have been expertly explained by dong.pan in detail here.
https://www.sapanalytics.cloud/direct-live-connections-in-sap-analytics-cloud-and-samesite-cookies/

In this blog post I have captured only the steps required for SAC Live Connections to SAP HANA 1.x or 2.x using the XS engine.

1. Create rewrite.txt


This file resides on the HANA filesystem, it should be in somewhere accessible to the HDBADM or equivalent user. Recommended location would be here
/hana/shared/HDB/profile/rewrite.txt

The contents of the file is as follows
SetHeader sap-ua-protocol ""

if %{HEADER:clientprotocol} stricmp http [OR]

if %{HEADER:x-forwarded-proto} stricmp http [OR]

if %{HEADER:forwarded} regimatch proto=http



begin

    SetHeader sap-ua-protocol "http"

end



if %{HEADER:clientprotocol} stricmp https [OR]

if %{HEADER:x-forwarded-proto} stricmp https [OR]

if %{HEADER:forwarded} regimatch proto=https



begin

    SetHeader sap-ua-protocol "https"

end



if %{HEADER:sap-ua-protocol} strcmp "" [AND]

if %{SERVER_PROTOCOL} stricmp https



begin

    SetHeader sap-ua-protocol "https"

end



if %{RESPONSE_HEADER:set-cookie} !strcmp "" [AND]

if %{HEADER:sap-ua-protocol} stricmp https [AND]

if %{HEADER:user-agent} regmatch "^Mozilla" [AND]

if %{HEADER:user-agent} !regmatch "(Chrome|Chromium)/[1-6]?[0-9]\." [AND]

if %{HEADER:user-agent} !regmatch "(UCBrowser)/([0-9]|10|11|12)\." [AND]

if %{HEADER:user-agent} !regmatch "\(iP.+; CPU .*OS 12_.*\) AppleWebKit\/" [AND]

if %{HEADER:user-agent} !regmatch "\(Macintosh;.*Mac OS X 10_14.*(Version\/.* Safari.*|AppleWebKit\/[0-9\.]+.*\(KHTML, like Gecko\))$"



begin

    RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*)" "$1$2; SameSite=None; Secure"

    RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*; *SameSite=[a-zA-Z]+.*); SameSite=None; Secure" $1$2

    RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*; *Secure.*); Secure" $1$2

end

 

2. Webdispatcher.ini Parameter


Using HANA Studio, connect to the SYSTEMDB

Navigate to the Configuration -> WebDispatcher -> Profile


Figure 2: HANA Studio, Add Parameter


Add a new System Parameter


Figure 3: Assign Values to System


Change the FILE path as appropriate, to match your rewrite.txt. In my case the HANA SID is HDB.
## Key

icm/HTTP/mod_0



## Value

PREFIX=/, FILE=/hana/shared/<SID>/profile/rewrite.txt


Figure 4: Add icm/HTTP/mod_0 key


 

3. Restart webdispatcher Service


For this setting to become active we need to restart the Webdispatcher.
This can be easily done by killing the service. It will then restart automatically


Figure 5: Kill the webdispatcher service


Logout and login to your live HANA based SAC story or Analytical Application. All should now be working again 🙂

If not check the

  • Chrome Developer Tools Console for errors and or issues.

  • Cookies - check to see if any are being blocked

6 Comments
Labels in this area
Popular Blog Posts