Issue AEM-6.1 Sling POST Servlet- Upload an image to AEM DAM | Community
Level 9
November 13, 2015
Solved

Issue AEM-6.1 Sling POST Servlet- Upload an image to AEM DAM

  • November 13, 2015
  • 12 replies
  • 4719 views

Hey Guys,

I am trying to use the OOTB POST servlet in 6.1, referring to the blog below. It works fine in 5.6.1, but in 6.1 I believe there is a bug which does not let me POST successfully; I keep getting a 403 Forbidden error. Can someone point out any necessary configuration missing here?

http://blogs.adobe.com/experiencedelivers/experience-management/how_to_upload_animageviaslingpostservlet/

Best answer by kautuk_sahni

Hi,

As mentioned by Opkar Gill, if the error is CSRF, then configure the referrer filter.

Issues with Cross-Site Request Forgery

This is a security issue from the CRX Security Checklist, that is also appropriate to CQ.

To address known security issues with Cross-Site Request Forgery (CSRF) in CRX WebDAV and Apache Sling you need to configure the Referrer filter.

The referrer filter service is an OSGi service that allows you to configure:

  • which http methods should be filtered
  • whether an empty referrer header is allowed
  • and a white list of servers to be allowed in addition to the server host.

By default, all variations of localhost and the current host names the server is bound to are in the white list.

To configure the referrer filter service:

  • Open the Apache Felix console (Configurations) at:
       http://<server>:<port_number>/system/console/configMgr

  • Log in as admin.

  • In the Configurations menu, select Apache Sling Referrer Filter.

  • In the Allow Hosts field, enter all hosts that are allowed as a referrer. Each entry needs to be of the form
       <protocol>://<server>:<port>
    For example:

    • http://allowed.server:80 allows all requests from this server with the given port.
    • If you also want to allow https requests, you have to enter a second line.
    • If you allow all ports from that server you can use 0 as the port number.

  • Check the Allow Empty field, if you want to allow empty/missing referrer headers.

  • Edit the methods this filter should use for checks with the Filter Methods field.

  • Click Save to save your changes.

Link: https://docs.adobe.com/docs/en/aem/6-1/administer/security/security-checklist.html#Protect against Cross-Site Request Forgery

I hope this would help you.

Thanks and Regards

Kautuk Sahni
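The same settings can be shipped as a repository OSGi configuration instead of being clicked through in the Felix console. This is an added example, not part of the answer above or of Adobe's documentation: the project folder and host names are placeholders, while the file name (the service PID) and the property keys are those the Apache Sling Referrer Filter reads.

```properties
# Placed under a project run-mode config folder, e.g. /apps/myproject/config.author/
# (project path is a placeholder). The file name is the service PID:
#   org.apache.sling.security.impl.ReferrerFilter.config
# These are the same fields the console shows as "Apache Sling Referrer Filter".

# Allow Empty: false keeps the CSRF check intact. true makes the filter accept
# requests that carry no Referer header at all, which is the weaker setting.
allow.empty=B"false"

# Allow Hosts: exact <protocol>://<server>:<port> entries. The plain-http and the
# https origin are separate lines; port 0 allows every port on that host.
# Host names are constructed examples.
allow.hosts=["http://allowed.server:80","https://allowed.server:443","https://author.example.com:0"]

# Allow Hosts (regexp): keep empty unless a pattern is really needed, since a loose
# pattern widens the set of accepted referrers.
allow.hosts.regexp=[]

# Filter Methods: the state-changing verbs the Sling POST servlet and WebDAV use.
# GET and HEAD are not listed, so reads are never blocked by this filter.
filter.methods=["POST","PUT","DELETE","COPY","MOVE"]
```

After deployment the effective values can be confirmed on the same configMgr page the answer points to; the browser's Referer header on the failing upload must match one of the allow.hosts entries exactly, including scheme and port.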

    12 replies

    Level 3
    December 1, 2015

    I may already be late in responding.

    We were facing the same issue with that nagging CSRF error. We included a dependency (granite.csrf.standalone) in our component's client lib to solve the issue.

    It's documented here.

    Level 9
    December 16, 2015

    kautuksahni wrote...


    Hello Kautuk,

    This suggestion was implemented but did not help. An Adobe consultant recommended we make this a component, and that is how this issue got resolved.