Sling Servlet CSRF attacks protection | Community
Skip to main content
S
santhsohm220338
October 29, 2020
Question

Sling Servlet CSRF attacks protection

  • October 29, 2020
  • 2 replies
  • 925 views

Hello Everyone,

 

I have the below situation

I have a page, user comes and select his plan and click the button to navigate to next page. on clicking the button UI(react) will make ajax call to sling servlet and post the user selected values as request payload(request data). 

Here we have a situation we could able to trap the request using burp proxy interceptor and tampering the  request and the same changed values server accepting. Expecting behavior :server not to accept the manipulated data and should throw error.

I tried enabling CSRF token for Servlets and I can see CSRF-Token in request header as well. still did not worked for me.

Please help me here. Appreciate your help.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

S
santhsohm220338Author
October 30, 2020

Any suggestions here?

Mayank_Gandhi
Adobe Employee
Mayank_GandhiAdobe Employee
Adobe Employee
November 5, 2020

@kautuk_sahni  Can you please move it to aem core.

    Terms & ConditionsAccessibility statement

    Loading footer...