403 forbidden for some of the POST operations | Community
Skip to main content
A
akhilat9657589
Level 2
February 21, 2018
Solved

403 forbidden for some of the POST operations

  • February 21, 2018
  • 9 replies
  • 5492 views

Hi,

For some of the POST operations, we are getting the response as 403 forbidden. This work fine when "POST" operation is removed from Apache Sling Referrer Filter.We have added the js <cq:includeClientLib categories="granite.csrf.standalone"/>. But still the response is 403.

When we checked the form data from the reqest the attribute :cq_csrf_token is missing in those ajax call which is getting failed. Have any one of you faced similar issue?

Please advice.

Thanks,

Akhila

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by akhilat9657589

    Yes, we are using Jquery Ajax to perform the operation. Now we have fixed the issue by adding the token to the form data using jquery.

    9 replies

    kautuk_sahni
    Community Manager
    kautuk_sahniCommunity Manager
    Community Manager
    February 21, 2018

    Check this this gets fixed after removing the 'POST' method for Filter Methods property in Apache Granite CSRF Filter configuration.

    Kautuk Sahni
    A
    akhilat9657589Author
    Level 2
    February 21, 2018

    yes, it is working when POST is removed from CSRF filter. But we will not be able to do this as security fails.

    Thanks,

    Akhila

    A
    akhilat9657589Author
    Level 2
    February 21, 2018

    Note: Sorry, The configuration name I have mentioned is wrong. It is "Apache Granite CSRF Filter " instead of "Apache Sling Referrer Filter"

    Also the exception I am getting is as below.

    com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting

    com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

    Apache Granite CSRF Filter

    smacdonald2008
    smacdonald2008
    Level 10
    February 21, 2018

    Are you using Adobe JQuery to perform the AJAX operation.

    A
    akhilat9657589AuthorAccepted solution
    Level 2
    February 23, 2018

    Yes, we are using Jquery Ajax to perform the operation. Now we have fixed the issue by adding the token to the form data using jquery.

    pratekumar
    pratekumar
    Level 2
    February 23, 2018

    Hi Akhila

    Add cq.jquery as a dependency in your clientlib and see if it resolves the issue.

      A
      akhilat9657589Author
      Level 2
      February 23, 2018

      Hi Kumar,

      We tried this, but still not working. As I have mentioned above, for some of the form submit, it is working, but in some it is not.

      Thanks,

      Akhila

      pratekumar
      pratekumar
      Level 2
      February 23, 2018

      Hi Akhila

      We had the same issue. The CSRF token was not passed in the form POST. We included the cq.jquery in the head and it worked for us:

      <sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientLib.all @ categories='cq.jquery'}"/>

      But I think it didn't resolve the issue you are having.

      priyankabiswal-
      priyankabiswal-
      Level 2
      February 12, 2019

      Thanks! This resolves the issue!

      Terms & ConditionsAccessibility statement

      Loading footer...