Adobe Experience Manager Sites & More

rbranham · 3/16/22

We have a scenario where a servlet call is failing with

'com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting'

Some research into this lead us to this stack overflow post where it is indicated that including granite.csrf.standalone clientlib in your code will handle the CSRF headers. After including this we are still seeing the same CSRF error. Appending '?debugClientLibs=true' to our URL and searching for granite.csrf.standalone, we can see it loaded in correctly. Yet the CSRF is still not handled.

We have a workaround by manually grabbing /libs/granite/csrf/token.json, and submitting that in a 'CSRF-Token' header with the request. My question is how we can get the granite CSRF library to automatically handle this? Has anyone else had success with this method?

AEM version: 2021.11.6023.20211111T113531Z-211000

arunpatidar · 3/17/22

Hi,

Can you check the following -

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-inva...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting...

Arun Patidar

View solution in original post

arunpatidar · 3/17/22

Hi,

Can you check the following -

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-inva...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting...

Arun Patidar

rbranham · 3/21/22

Hi Team,

These recommendations did not yield any results. For the time being, we are manually grabbing the token from /libs/granite/csrf/token.json and passing through CSRF-Token header. We may open a support case in the future to look into this.

Adobe Experience Manager Sites & More

AEM CSRF Issues

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe