AEM with CDN how to handle csrf token | Adobe Higher Education
this-that-the-otter
Level 4
April 27, 2022
Answered

AEM with CDN how to handle csrf token

  • April 27, 2022
  • 1 reply
  • 1489 views

 

I understand the CSRF token should not be cached at the dispatcher level. How does this play out when a CDN is in front of the dispatcher? Is it OK for the CDN to cache the CSRF token? Would that be a likely configuration by default? Should we instead configure the CDN to forward the tokens back to the dispatcher, like we can do with cookies, query string parameters, etc.? I'm wondering if cached content is vulnerable to the attacks the token aims to prevent.

 

Thanks for any info!

This topic has been closed for replies.
Best answer by Ravi_Pampana


1 reply

Ravi_Pampana
Community Advisor
April 28, 2022

Hi,

 

Are you making an anonymous call to the publisher? If so, the CSRF token will be empty and there is no need to pass it to the dispatcher; it can be cached in the CDN or blocked.

 

For more information: https://experienceleague.adobe.com/docs/experience-manager-65/developing/introduction/csrf-protection.html?lang=en

this-that-the-otter
Level 4
April 28, 2022

Hi Ravi, 

 

I believe all of the calls are anonymous; we're not doing any authenticated content on the publish/dispatcher side. Some forms may be submitted, but nothing is submitted back to AEM. Thanks for your input.

 

Ravi_Pampana
Community Advisor
April 28, 2022

Hi,

In that case, you can cache the CSRF token at Akamai or block it at Akamai, as making the CSRF call does not have any impact.
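
The distinction drawn in this thread (an empty anonymous token is harmless to cache, a per-user token is not) can be checked against responses captured at the CDN edge. This is an added example, not code from the thread or from Adobe; it assumes the token endpoint returns JSON with a `token` field (an empty object for anonymous requests), and the sample responses are constructed.

```python
import json

def parse_cache_control(value):
    """Return the set of lower-cased Cache-Control directive names."""
    return {d.split("=", 1)[0].strip().lower() for d in value.split(",") if d.strip()}

def audit_token_response(headers, body):
    """Classify one captured CSRF token response as ('ok'|'risk', reason)."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        token = json.loads(body or "{}").get("token", "")
    except (ValueError, AttributeError):
        return ("risk", "unparseable token body")
    directives = parse_cache_control(h.get("cache-control", ""))
    # A shared cache may store the response unless it is no-store or private.
    # CDN-side rules can override origin headers, so also look at Age.
    storable = not ({"no-store", "private"} & directives)
    from_cache = "age" in h  # Age is added when a cache serves the response
    if not token:
        return ("ok", "empty token (anonymous); caching or blocking is harmless")
    if from_cache:
        return ("risk", "non-empty token served from a shared cache")
    if storable:
        return ("risk", "non-empty token lacks no-store/private")
    return ("ok", "non-empty token marked uncacheable")

# Constructed sample captures: (label, response headers, response body).
SAMPLES = [
    ("anonymous, cached at CDN",
     {"Cache-Control": "max-age=300", "Age": "42"}, "{}"),
    ("logged-in, cached at CDN",
     {"Cache-Control": "max-age=300", "Age": "42"}, '{"token":"CONSTRUCTED.TOKEN"}'),
    ("logged-in, no cache headers", {}, '{"token":"CONSTRUCTED.TOKEN"}'),
    ("logged-in, uncacheable",
     {"Cache-Control": "private, no-store"}, '{"token":"CONSTRUCTED.TOKEN"}'),
]

def run_audit(samples=SAMPLES):
    """Audit every sample and return {label: (verdict, reason)}."""
    return {name: audit_token_response(h, b) for name, h, b in samples}

if __name__ == "__main__":
    for name, (verdict, reason) in run_audit().items():
        print(f"{verdict:4} {name}: {reason}")
```
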