Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

AEM CSRF Issues

Avatar

Level 1
Level 1
3/16/22 9:44:53 AM

We have a scenario where a servlet call is failing with 

'com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting'

Some research into this lead us to this stack overflow post where it is indicated that including granite.csrf.standalone clientlib in your code will handle the CSRF headers. After including this we are still seeing the same CSRF error. Appending '?debugClientLibs=true' to our URL and searching for granite.csrf.standalone, we can see it loaded in correctly. Yet the CSRF is still not handled.

We have a workaround by manually grabbing /libs/granite/csrf/token.json, and submitting that in a 'CSRF-Token' header with the request. My question is how we can get the granite CSRF library to automatically handle this? Has anyone else had success with this method?

AEM version: 2021.11.6023.20211111T113531Z-211000


Views

3.1K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
3/17/22 3:16:14 AM

Hi,

Can you check the following - 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-inva...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting...

 



Arun Patidar

View solution in original post

Views

3.1K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
3/17/22 3:16:14 AM

Hi,

Can you check the following - 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-inva...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting...

 



Arun Patidar

Views

3.1K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
3/21/22 10:52:21 AM
In response to arunpatidar

Hi Team,


These recommendations did not yield any results. For the time being, we are manually grabbing the token from /libs/granite/csrf/token.json and passing through CSRF-Token header. We may open a support case in the future to look into this.

Views

3.0K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
12/6/23 4:20:05 PM
In response to rbranham

Hi @rbranham  Are you able to solve the issue. 
I am getting the issue in aem author instance
Error Below :

06.12.2023 19:15:57.532 *INFO* [[0:0:0:0:0:0:0:1] [1701908157532] GET /libs/granite/csrf/token.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
06.12.2023 19:15:57.532 *INFO* [[0:0:0:0:0:0:0:1] [1701908157532] GET /libs/granite/csrf/token.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
06.12.2023 19:15:57.553 *INFO* [[0:0:0:0:0:0:0:1] [1701908157553] GET /favicon.ico HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
06.12.2023 19:15:57.553 *INFO* [[0:0:0:0:0:0:0:1] [1701908157553] GET /favicon.ico HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

  Thanks,

J

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Optimizing Daily API Calls in AEM: A Better Solution? Solved

Views

162

Likes

0

Replies

5
RTE full options not appearing in minimized view AEM 6.5 cloud

Views

126

Likes

0

Replies

4
Redirects do not work with x-aem-client-country header

Views

111

Likes

0

Replies

1
Live copy Robot tag OOTB field issue

Views

100

Likes

0

Replies

2
How to Implement OAuth 2.0 in AEM as the Client Application | AEMasCS

Views

118

Likes

0

Replies

2