Disable CSRF when working with Postman
If you receive an http 500-internal server error in Postman when you are testing your Sitecore Commerce Engine, you need to disable CSRF validation.
You do this in the config.json
file located in the wwwroot folder of the commerce engine (in a standard installation this will be C:\inetpub\wwwroot\CommerceAuthoring_Sc9\wwwroot\config.json
.
Change the setting "AntiForgeryEnabled": true
to "AntiForgeryEnabled": false
and your Postman requests should work again.
Note that you only get the http 500 error on POST, PUT and DELETE requests.