MicroHub | Microsoft Github MicroHub

We're using SAP Cloud SDK 3.32.0 with SpringBoot. We've generated a typed OData service based on the EDMX metadata file generated by the service and use the generated client in our code. All logs entries showing our issue are below (cleaned them up a bit to show the important parts only)

The situation is the following:

• We send a myservice.createEntity(MyEntity).exectureRequest(myDestination) with the generated client. Since this is a modifying/creating call, the client first requests a CSRF token. This works fine as shown in the logs below (first HEAD and POST calls)
• Next we call a function with myservice.myFunction(p1, p2, p3).executeRequest(myDestination). This is a function exposed by the same OData service, so the service path is the same. Since this function is a POST, the client will again try to fetch a CSRF token. However, this results in a HTTP 403 Forbidden status code. We do not get the CSRF token (see second HEAD request in the logs below).
• The function call is still executed, but with an empty X-CSRF-Token http header (second POST request in logs).
• Although we seem to receive a response from the OData service, the client finallly times out (Read time out) and we are unable to process the result of the function call.

Debugging/clicking through the code of the CloudSDK, I discovered that the generated "FluentHelperFunction" class has it's own logic for retrieving the CSRF token (e.g. it uses "Fetch" in the HEAD requests), where as the FluentHelperCreate class uses the DefaultCsrfRetriever class (which uses lower case "fetch" for the HEAD call).

So my questions are:

• Why does the HEAD call for CSRF fail when done by a function call (i.e. myservice.myFunction())
• Why does the FluentHelperFunction class have it's own logic for getting a CSRF token?
• What can I do to make this work properly. Or is this a bug in the SDK?

Logs: