Bizagi SAP Cloud Platform Dispatcher

Released on 08/15/25

Description

The Dispatcher is a component used to route user requests to microservices deployed on the Cloud Foundry platform. It is the single point of entry for an application running in the Cloud Foundry environment into SAP BTP. The Application Router or Dispatcher is used to serve static content, authenticate users, rewrite URLs, and forward or send proxy requests to other microservices.

In the specific case of Bizagi, the Dispatcher is used to route requests to the destinations configured in the SAP BTP platform, allowing to build requests to the Odata layer exposed by the client's SAP system.

Below find the updates for each version of the Bizagi SAP Cloud Platform Dispatcher.

Version 1.1.23

Fixed CSRF token handling for POST requests targeting SAP HANA Public Edition.
Corrected If Match header behavior to avoid incorrect usage in POST operations.
Centralized If Match header logic so it is only applied to PUT, PATCH, and DELETE requests, preventing 501 errors during POST executions.
Improved error logging with enhanced anonymization of sensitive data during POST method execution.
Added comprehensive error logging covering multiple failure scenarios, including response metadata, request configuration details, and CSRF token related errors.

Version 1.1.20

Adjusted POST method execution for OData V4 services.
Improved GET method handling to correctly process special characters in parameter values.

Version 1.1.19

General adjustments and performance improvements.

Version 1.1.18

Added support for OData V4 executions.
Added support for SAP S 4 HANA Public Edition environments.

Version 1.1.17

The dispatcher version is now displayed when accessing the root path.

Version 1.1.16

Fix(start.js): decode filters header before appending to baseUrl
- Decoded URI-encoded ‘filters’ header received from Connector Service.
- Ensured safe fallback if decoding fails.
- Re-encoded decoded value when constructing baseUrl for GET requests.
- Added log for final resolved baseUrl.

Version 1.1.15

Added the header “X-Requested-With”: “XMLHttpRequest” to ensure compatibility with CSRF requests in SAP.

Version 1.1.14

Removed the entity set from the base URL to properly retrieve x-csrf-token in POST actions

Version 1.1.13

Initialize proxyConfigM to prevent reference errors in Axios GET requests.

Version 1.1.12

Prevent server-side parameter pollution. Modified the isValidDestinationPath function to improve validation of the destinationPath parameter.

Version 1.1.11

Avoid server-side parameter pollution. Added a function to validate the path parameter that reaches the dispatcher and avoid unsafe characters.

Version 1.1.10

Added environment variables to get the correct names of the dispatcher bound services. The protocol property of the headers where the proxy information was located was removed, since it was not necessary.

Version 1.1.9

HTTP Security Headers Improvements (Missing X-Frame-Options, Content-Security-Policy, Cache-Control).

Version 1.1.8

Improved logs to anonymize sensitive information.

Version 1.1.7

In the Patch method security was added to verify token and log messages were improved.

Version 1.1.6

Values with sensitive information were removed so that error logs with that information are not created in the BTP and are not returned to Bizagi.

Version 1.1.5

Upgraded @sap/xssec version to 3.6.0.

Version 1.1.4

New way to deploy the dispatcher in SAP Cloud BTP.

Version 1.1.3

The way to obtain the authorization X-CSRF-Token before making the final request has been modified.
Return request headers to the connector service.
Improvement in destinationPath. Now is sent Location ID in headers when is necessary.
The filters are scaped to support special characters.
Were added the special SAP headers in the POST methods and was implemented a logical to send headers in status code 204 because this code does not have content to send a body.
Was implemented specific handling of headers for CREATE, UPDATE and PATCH method when status code is 204.
Refactor en code.
Improvements and new logs.
Updated to node js version 18.

Version 1.1.2

Added location Id header to Basic Authentication. This makes it possible to connect to configurations that use a different locationId.
Added location Id header to Basic Authentication (TM24640).

Version 1.1.1

Replaced request library by axios, which improves the speed and efficiency of requests in the application.
Updated dependencies of several libraries used in the application, which improves the security and stability of the application.
Replaced request library (deprecated: https://www.npmjs.com/package/request) by axios
Updated “express” dependencie to “4.18.2”
Updated “pug” by “Jade”
Updated “pg-promise” dependencie to “11.0.2”
Updated “body-parser” dependencie to “1.20.1”
Updated “passport” dependencie to “0.6.0”

Version 1.1.0

Update to SAP Cloud Connector: Bizagi integrates with SAP S/4 HANA, ECC, or R/3 systems using the SAP Cloud Platform. It has been enhanced with a new set of security features, using OAuth based authentication, that helps secure access to the Bizagi Dispatcher for SAP Cloud connector.
Added Authentication and Authorization feature.

Version 1.0.3

Updated several dependencies of libraries used in the application, which improves the security and stability of the application.
Updated node version to ^16 in package.json
Updated @sap/xssec dependency to ^3.2.13
Updated @sap/xsenv dependency to ^3.3.2
Added validation to get environment and use logger component
Removed JWT logs and other user data

Version 1.0.2

Added extra logs to view more details of incoming requests in Cloud Foundry, which helps developers debug issues with requests.
Removed an unnecessary option in the start command, which improves the efficiency of the application.
Added extra logs to view more details of incoming request in cloud foundry
some code comments were removed
Removed “–inspect” option on start command
Removed “/destinations” data sensitive endpoint from configured destinations