CSRF token validation is failed

Hello,

i try to do a GET and POST request from an android app using javascript.

I developed the following code to get the csrf token with the GET and use it to send a POST request.

it doesn’t work. The Token ist correctly returned, but the POST doen’t work. It return “CSRF token validation is failed”

  function xhr(){

var xhrForHead = new XMLHttpRequest();
var csrfToken
xhrForHead.withCredentials = true;

xhrForHead.addEventListener("readystatechange", function() {
   if(this.readyState === 4) {
    console.log(this.responseText);
    csrfToken = xhrForHead.getResponseHeader("X-CSRF-Token")

var myHeaders = new Headers();
myHeaders.append("X-CSRF-Token", csrfToken);
myHeaders.append("Content-Type", "application/xml");
myHeaders.append("Authorization", "Basic SDYyNuhuhnjsklUMTI=");
myHeaders.append("Cookie", "MYSAPSSO2=AjQxMDMBABhIADYAMgA0ADIAMQA5ACAAIkrnknkNKNNUBJACAAIAAgACAABAAYMgAwADIAMUHIKOKMNHVGVEANgA0ADEABQAEAAAACAYAAlgACQACRQD%2fAVcwggFTBgkqhhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIwzE2NDExMlowIwYJKoZIhvcNAQkEMRYEFBmtYzRqKDP0yD3GOybxG3tQpDFBMAkGByqGSM44BAMELzAtAhUAkNZaJuhVl9GD4I0e9gIAsrnYlCICFAmG%218eYZgS0whq6D3UOzzJFMVdR");


var raw = "<?xml version=\"1.0\" encoding=\"utf-8\"?><entry xml:base=\"http://r30.de/sap/opu/odata/sap/Z_TRANSPORT_ORDER_SRV/\" xmlns=\"http://www.w3.org/2005/Atom\" xmlns:m=\"http://schemas.microsoft.com/ado/2007/08/dataservices/metadata\" xmlns:d=\"http://schemas.microsoft.com/ado/2007/08/dataservices\"><content type=\"application/xml\"><m:properties><d:TANummer1>0000000016</d:TANummer1><d:Quittierungskennzeichen>X</d:Quittierungskennzeichen><d:Lagernummer>ZLU</d:Lagernummer></m:properties></content></entry>";

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};
fetch("https://r301.de/sap/opu/odata/sap/Z_TRANSPORT_ORDER_SRV/Transport_Order_Confirmation_Set", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));
}
});

xhrForHead.open("GET", "https://r301.de/sap/opu/odata/sap/Z_TRANSPORT_ORDER_SRV/Transport_Order_Confirmation_Set('10')");
xhrForHead.setRequestHeader("x-csrf-token", "FETCH");
xhrForHead.setRequestHeader("Authorization", "Basic SDYyNuhuhnjsklUMTI=");
xhrForHead.send();


}