Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

403 forbidden for some of the POST operations

Avatar

Level 3
Level 3
2/21/18 2:55:04 AM

Hi,

For some of the POST operations, we are getting the response as 403 forbidden. This work fine when "POST" operation is removed from Apache Sling Referrer Filter.We have added the js <cq:includeClientLib categories="granite.csrf.standalone"/>. But still the response is 403.

When we checked the form data from the reqest the attribute :cq_csrf_token is missing in those ajax call which is getting failed. Have any one of you faced similar issue?

Please advice.

Thanks,

Akhila

Views

4.8K

Replies

9
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 3
Level 3
2/22/18 7:10:52 PM

Yes, we are using Jquery Ajax to perform the operation. Now we have fixed the issue by adding the token to the form data using jquery.

View solution in original post

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
9 Replies

Avatar

Administrator
Administrator
2/21/18 3:23:24 AM

Check this this gets fixed after removing the 'POST' method for Filter Methods property in Apache Granite CSRF Filter configuration.



Kautuk Sahni

Views

2.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
2/21/18 3:49:24 AM

yes, it is working when POST is removed from CSRF filter. But we will not be able to do this as security fails.

Thanks,

Akhila

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
2/21/18 3:55:07 AM

Note: Sorry, The configuration name I have mentioned is wrong. It is "Apache Granite CSRF Filter " instead of "Apache Sling Referrer Filter"

Also the exception I am getting is as below.

com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting

com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

Apache Granite CSRF Filter

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
2/21/18 10:05:44 AM

Are you using Adobe JQuery to perform the AJAX operation.

Views

2.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 3
Level 3
2/22/18 7:10:52 PM

Yes, we are using Jquery Ajax to perform the operation. Now we have fixed the issue by adding the token to the form data using jquery.

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
2/22/18 8:46:57 PM

Hi Akhila

Add cq.jquery as a dependency in your clientlib and see if it resolves the issue.

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
2/22/18 8:59:54 PM

Hi Kumar,

We tried this, but still not working. As I have mentioned above, for some of the form submit, it is working, but in some it is not.

Thanks,

Akhila

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/22/18 9:21:46 PM

Hi Akhila

We had the same issue. The CSRF token was not passed in the form POST. We included the cq.jquery in the head and it worked for us:

<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientLib.all @ categories='cq.jquery'}"/>

But I think it didn't resolve the issue you are having.

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
I want to disable the delete copy move and all the other options for the child components Solved

Views

131

Likes

0

Replies

5
Could not create a technical account and got a 403 error

Views

63

Likes

0

Replies

2
how to implement nonce for Content-Security-Policy script-src directive in dispatcher

Views

61

Likes

0

Replies

1
Ability to preview or thumbnail to preview for XF

Views

69

Likes

0

Replies

2
Tips Needed for Adobe AD0-E126 Exam Preparation

Views

406

Likes

0

Replies

3