Encountering an error when submitting form with an empty and invalid CSRF token
March 25, 2025
Solved


Hi,

I need help with an issue involving an empty and invalid CSRF token when submitting the form. I've already included the CSRF token in the client header.

Here are the error logs:

 *INFO* [[0:0:0:0:0:0:0:1] [1742872764470] POST /bin/ HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
 *INFO* [[0:0:0:0:0:0:0:1] [1742872764470] POST /bin/ HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

Could you kindly assist me in finding a solution to fix this error?

Thank you.

2 replies

giuseppebaglio
Accepted solution
Level 10
March 25, 2025

The error occurs because the CSRF token is either missing, expired, or invalid. Manually fetch the token from /libs/granite/csrf/token.json and include it in headers, ensure forms use the correct hidden input, and validate client/server configurations.

For example:

```javascript
// Fetch CSRF token for AJAX requests
$.getJSON("/libs/granite/csrf/token.json", function (data) {
  $.ajax({
    url: "/bin/your-servlet",
    type: "POST",
    headers: { "CSRF-Token": data.token },
    // ... other settings
  });
});
```

Some helpful links:

https://www.albinsblog.com/2023/03/what-is-csrf-how-is-csrf-protection-enabled-in-aem.html 

https://stackoverflow.com/a/34130703

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-invalid-on-post-servlet-call/m-p/279586 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting-failed-with-empty-csrf-token-error/td-p/396944 
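
A fetch-based variant of the accepted answer's snippet that covers both log lines from the question, added here as an example (not code from the answer's author or from Adobe): it refuses to send a blank `CSRF-Token` header and refetches the token once when a cached one is rejected. Assumptions: the filter's rejection reaches the client as HTTP 403, `fetchCsrfToken` and `createCsrfPoster` are hypothetical names, and `fetchImpl` stands in for `window.fetch`.

```javascript
// Added example: token-aware POST helper. `fetchImpl` is injectable so the
// logic can be exercised without a server; in a browser pass window.fetch.
const TOKEN_URL = "/libs/granite/csrf/token.json"; // endpoint named in the answer

async function fetchCsrfToken(fetchImpl) {
  // Same-origin credentials so the token is issued for the logged-in session.
  const res = await fetchImpl(TOKEN_URL, { credentials: "same-origin", cache: "no-store" });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  const body = await res.json();
  // Refuse to send a blank header: that is the "empty CSRF token" log case.
  if (typeof body.token !== "string" || body.token === "") {
    throw new Error("token endpoint returned no token");
  }
  return body.token;
}

function createCsrfPoster(fetchImpl) {
  let cached = null; // reuse the token until the server rejects it

  return async function post(url, body) {
    for (let attempt = 0; attempt < 2; attempt++) {
      if (cached === null) cached = await fetchCsrfToken(fetchImpl);
      const res = await fetchImpl(url, {
        method: "POST",
        credentials: "same-origin",
        headers: { "CSRF-Token": cached },
        body,
      });
      // Assumption: a rejected token surfaces as HTTP 403. Drop the cached
      // token and retry once with a fresh one; a second 403 is returned as is.
      if (res.status !== 403 || attempt === 1) return res;
      cached = null;
    }
  };
}
```

A 403 that persists after the retry points at something other than token age, such as the header being stripped before it reaches the filter.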

kautuk_sahni
Community Manager
April 1, 2025

@siddhida1 Did you find the suggestion helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni