Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

AEM Cloud Service | How to check dispatcher cached files & headers | CORS issue

Avatar

Level 2

Hi,

 

I am following the below article and made the changes to add few headers(Access-Control-Allow-Origin) to be cached along with the response. But if request the page or clientlibs the Access-Control-Allow-Origin header is not coming in the response(Status 304) and only if we pass "?" in the end of the URL, the header is appearing in the response with Status 200

 

https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/security/understand-cros...

 

We are using AEM as a cloud service and below are my questions

1. How do I debug where it went wrong.

2. How to see whether headers are cached properly in the dispatcher

3. Is there a way where we can make sure the CORS header(Access-Control-Allow-Origin) is present in the response always for every request when requested by 3rd party services

 

 

 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

As mentioned @Asutosh_Jena_ Try to clear the cache from Dispatcher & CDN if you have using.

Clearing the cache entirely will be required to ensure the headers are appropriately cached on the next request after a /cache/headers configuration update.

Troubleshooting CORS

Logging is available under com.adobe.granite.cors:

  • enable DEBUG to see details about why a CORS request was denied
  • enable TRACE to see details about all requests going through the CORS handler.

Please refer this article to troubleshoot the CORS header issue: Understand Cross-Origin Resource Sharing (CORS) with AEM | Adobe Experience Manager

  • Manually recreate XHR requests using curl, but make sure to copy all headers and details, as each one can make a difference; some browser consoles allow to copy the curl command
  • Verify if request was denied by the CORS handler and not by the authentication, CSRF token filter, dispatcher filters, or other security layers
    • If CORS handler responds with 200, but Access-Control-Allow-Origin header is absent on the response, review the logs for denials under DEBUG in com.adobe.granite.cors
  • If dispatcher caching of CORS requests is enabled
    • Ensure the /cache/headers configuration is applied to dispatcher.any and the web server is successfully restarted
    • Ensure the cache was properly cleared after any OSGi or dispatcher.any configuration changes.

 

Regards,

Raja

View solution in original post

7 Replies

Avatar

Community Advisor

Hi @selvendranr9588 

 

304 response status means it's served from cache and the content is not modified at the cache. Once you make the change at dispatcher, you need to flush the cache at dispatcher as well as CDN and then you will always get 200 response status with the updated header.

 

Thanks!

Avatar

Level 2

Hi @Asutosh_Jena_ ,

 

In AEM as Cloud Service, How to clear the complete dispatcher and CDN(assuming OOTB Fastly CDN) Cache to see whether headers are reflected or not. Please let me know

Avatar

Correct answer by
Community Advisor

As mentioned @Asutosh_Jena_ Try to clear the cache from Dispatcher & CDN if you have using.

Clearing the cache entirely will be required to ensure the headers are appropriately cached on the next request after a /cache/headers configuration update.

Troubleshooting CORS

Logging is available under com.adobe.granite.cors:

  • enable DEBUG to see details about why a CORS request was denied
  • enable TRACE to see details about all requests going through the CORS handler.

Please refer this article to troubleshoot the CORS header issue: Understand Cross-Origin Resource Sharing (CORS) with AEM | Adobe Experience Manager

  • Manually recreate XHR requests using curl, but make sure to copy all headers and details, as each one can make a difference; some browser consoles allow to copy the curl command
  • Verify if request was denied by the CORS handler and not by the authentication, CSRF token filter, dispatcher filters, or other security layers
    • If CORS handler responds with 200, but Access-Control-Allow-Origin header is absent on the response, review the logs for denials under DEBUG in com.adobe.granite.cors
  • If dispatcher caching of CORS requests is enabled
    • Ensure the /cache/headers configuration is applied to dispatcher.any and the web server is successfully restarted
    • Ensure the cache was properly cleared after any OSGi or dispatcher.any configuration changes.

 

Regards,

Raja

Avatar

Level 2

Yes. I followed this article and in AEM as Cloud Service how do I clear the complete Dispatcher cache ?

Avatar

Community Advisor

Navigate to the cache directory of the website where you have implemented the configuration change and delete all the files under the cache directory .

 

Regards,

Raja

Avatar

Level 2

Hi @RA ,

 

We are using AEM cloud service and please let me know how can we navigate to a folder and clean all the cache under it.

 

I want clear all the cache under /etc.clientlibs/*

 

Thanks in advance.

Avatar

Community Advisor

Can you find the cache root directory from farm file or Virtual host of the website and let us know ?