AEM CSRF Issues | Community
March 16, 2022
Solved

AEM CSRF Issues


We have a scenario where a servlet call is failing with 

'com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting'

Some research into this led us to this Stack Overflow post where it is indicated that including granite.csrf.standalone clientlib in your code will handle the CSRF headers. After including this we are still seeing the same CSRF error. Appending '?debugClientLibs=true' to our URL and searching for granite.csrf.standalone, we can see it loaded in correctly. Yet the CSRF is still not handled.

We have a workaround by manually grabbing /libs/granite/csrf/token.json, and submitting that in a 'CSRF-Token' header with the request. My question is how we can get the granite CSRF library to automatically handle this? Has anyone else had success with this method?

AEM version: 2021.11.6023.20211111T113531Z-211000



1 reply

rbranhamAuthor
March 21, 2022

Hi Team,


These recommendations did not yield any results. For the time being, we are manually grabbing the token from /libs/granite/csrf/token.json and passing it through the CSRF-Token header. We may open a support case in the future to look into this.
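
The manual workaround described in this thread (read /libs/granite/csrf/token.json, send the value in a CSRF-Token header), written out as an added example that is not part of the original posts and is not Adobe's code. It assumes the endpoint returns JSON with a `token` field and that a rejected token yields HTTP 403; `createCsrfClient`, `needsToken`, `fetchImpl` and `maxAgeMs` are hypothetical names.

```javascript
const TOKEN_PATH = "/libs/granite/csrf/token.json"; // endpoint named in the thread
const TOKEN_HEADER = "CSRF-Token";                  // header named in the thread
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Only state-changing, same-origin requests carry the token; attaching it to
// a request for another origin would disclose it to that origin.
function needsToken(method, url, origin) {
  const target = new URL(url, origin);
  return target.origin === origin && !SAFE_METHODS.has(method.toUpperCase());
}

// fetchImpl is injectable so the logic runs in a browser (pass window.fetch)
// or under test. maxAgeMs is an assumed client-side cache lifetime.
function createCsrfClient({ origin, fetchImpl, maxAgeMs = 5 * 60 * 1000, now = Date.now }) {
  let cached = null; // { token, fetchedAt }

  async function getToken(forceRefresh = false) {
    if (!forceRefresh && cached && now() - cached.fetchedAt < maxAgeMs) return cached.token;
    const res = await fetchImpl(new URL(TOKEN_PATH, origin).href, { credentials: "same-origin" });
    if (!res.ok) throw new Error(`token request failed: ${res.status}`);
    const body = await res.json();
    // Assumption: the endpoint answers with {"token": "<value>"}.
    if (typeof body.token !== "string" || body.token === "") {
      throw new Error("empty CSRF token in response");
    }
    cached = { token: body.token, fetchedAt: now() };
    return cached.token;
  }

  async function send(url, init = {}) {
    const method = init.method || "GET";
    if (!needsToken(method, url, origin)) return fetchImpl(url, init);
    const attempt = async (force) => {
      const headers = { ...(init.headers || {}), [TOKEN_HEADER]: await getToken(force) };
      return fetchImpl(new URL(url, origin).href, { ...init, headers, credentials: "same-origin" });
    };
    let res = await attempt(false);
    // Assumption: 403 means the cached token was rejected; refresh once, retry once.
    if (res.status === 403) res = await attempt(true);
    return res;
  }

  return { getToken, send };
}
```

In a browser, create the client with `origin: window.location.origin` and `fetchImpl: window.fetch.bind(window)`, then issue POSTs to the servlet through `send`.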

December 7, 2023

Hi @rbranham, are you able to solve the issue?
I am getting the issue in the AEM author instance.
Error below:

06.12.2023 19:15:57.532 *INFO* [[0:0:0:0:0:0:0:1] [1701908157532] GET /libs/granite/csrf/token.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
06.12.2023 19:15:57.532 *INFO* [[0:0:0:0:0:0:0:1] [1701908157532] GET /libs/granite/csrf/token.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
06.12.2023 19:15:57.553 *INFO* [[0:0:0:0:0:0:0:1] [1701908157553] GET /favicon.ico HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
06.12.2023 19:15:57.553 *INFO* [[0:0:0:0:0:0:0:1] [1701908157553] GET /favicon.ico HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

  Thanks,

J