[ https://issues.jboss.org/browse/TEIID-5588?page=com.atlassian.jira.plugin... ] Christoph John updated TEIID-5588: ---------------------------------- Description: As discussed in https://issues.jboss.org/browse/TEIID-5545 OpenUI5 implements a earlyRequest feature to preload metadata information from an odata v4 service. It would be great if support for this could be added to Teiid/Widlfly. Thomas Chadzelek, who I assume is a lead developer for the odata v4 model at SAP kindly provided the following information and offered his support in case further questions arise: The "earlyRequests" parameter is pretty simple. It will send GET requests for /$metadata and all annotation XML files (see parameter "annotationURI"). It will also send a HEAD request to with header "X-CSRF-Token" : "Fetch" in order to fetch the security token. If Teiid/Olingo does not implement CSRF protection by requiring such a header, there should be no need to properly answer the HEAD request at all. Else it would be nice to return the right CSRF token value in the response's headers. Please see Cross-Site Request Forgery Protection and Gateway protection against Cross-Site Request Forgery attacks for some background infos. For further questions you can contact him directly by joining the discussion at: https://github.com/SAP/openui5/issues/2288 Thanks a lot. Let we know if I can support with testing. Best regards, Christoph was: As discussed in https://issues.jboss.org/browse/TEIID-5545 OpenUI5 implements a earlyRequest feature to preload metadata information from an odata v4 service. It would be great if support for this could be added to Teiid/Widlfly. Thomas Chadzelek, who I assume is a lead developer for the odata v4 model kindly gave me the following information and offered his support if further questions arise: The "earlyRequests" parameter is pretty simple. It will send GET requests for /$metadata and all annotation XML files (see parameter "annotationURI"). It will also send a HEAD request to with header "X-CSRF-Token" : "Fetch" in order to fetch the security token. If Teiid/Olingo does not implement CSRF protection by requiring such a header, there should be no need to properly answer the HEAD request at all. Else it would be nice to return the right CSRF token value in the response's headers. Please see Cross-Site Request Forgery Protection and Gateway protection against Cross-Site Request Forgery attacks for some background infos. For further questions you can contact him directly by joining the discussion at: https://github.com/SAP/openui5/issues/2288 Thanks a lot. Let we know if I can support with testing. Best regards, Christoph -- This message was sent by Atlassian Jira (v7.12.1#712002)