Cette conversation a été verrouillée en raison de son inactivité. Veuillez créer une nouvelle publication.
Niveau 1
Niveau 2
Se connecter à la communauté
Connectez-vous pour voir tous les badges
Cette conversation a été verrouillée en raison de son inactivité. Veuillez créer une nouvelle publication.
Hi,
For some of the POST operations, we are getting the response as 403 forbidden. This work fine when "POST" operation is removed from Apache Sling Referrer Filter.We have added the js <cq:includeClientLib categories="granite.csrf.standalone"/>. But still the response is 403.
When we checked the form data from the reqest the attribute :cq_csrf_token is missing in those ajax call which is getting failed. Have any one of you faced similar issue?
Please advice.
Thanks,
Akhila
Résolu ! Accéder à la solution.
Yes, we are using Jquery Ajax to perform the operation. Now we have fixed the issue by adding the token to the form data using jquery.
Vues
Réponses
Nombre de J’aime
Check this this gets fixed after removing the 'POST' method for Filter Methods property in Apache Granite CSRF Filter configuration.
Vues
Réponses
Nombre de J’aime
yes, it is working when POST is removed from CSRF filter. But we will not be able to do this as security fails.
Thanks,
Akhila
Vues
Réponses
Nombre de J’aime
Note: Sorry, The configuration name I have mentioned is wrong. It is "Apache Granite CSRF Filter " instead of "Apache Sling Referrer Filter"
Also the exception I am getting is as below.
com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
Apache Granite CSRF Filter
Vues
Réponses
Nombre de J’aime
Are you using Adobe JQuery to perform the AJAX operation.
Vues
Réponses
Nombre de J’aime
Yes, we are using Jquery Ajax to perform the operation. Now we have fixed the issue by adding the token to the form data using jquery.
Vues
Réponses
Nombre de J’aime
Hi Akhila
Add cq.jquery as a dependency in your clientlib and see if it resolves the issue.
Hi Kumar,
We tried this, but still not working. As I have mentioned above, for some of the form submit, it is working, but in some it is not.
Thanks,
Akhila
Vues
Réponses
Nombre de J’aime
Hi Akhila
We had the same issue. The CSRF token was not passed in the form POST. We included the cq.jquery in the head and it worked for us:
<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientLib.all @ categories='cq.jquery'}"/>
But I think it didn't resolve the issue you are having.
Vues
Réponses
Nombre de J’aime
Thanks! This resolves the issue!
Vues
Réponses
Nombre de J’aime
Vues
Likes
Réponses
Vues
Likes
Réponses
Vues
Likes
Réponses