Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

AEM: Recommended approach for performing POST request to AEM >=6.2

a_mn1
Level 4
Level 4

Hello Guys, I have been searching all the forums and blogs to find out the recommended approach for implementing an http post request to my website on AEM publish instances. (Mine is a public site and there is no login feature)

Note: This is for a production instance and I don't want to rely on jquery.

Can you please suggest the approach that  I should follow in below scenarios.

1. Initiate a server to server post request (from external server to AEM server)

2. Initiate a post request from client (say a form submission on the website)

Appreciate your help here.

Regards,

Anand MN

1 Accepted Solution
Arun_Patidar
Correct answer by
Community Advisor
Community Advisor

Hi,

If you do server to server POST call, which makes it more secure than making POST call from client.

But in AEM 'Apache Sling Referrer Filter' configuration make sure the type of request which are allowed from particular domain, so AEM provide one more layer of security. So if you can go for client as well otherwise server side Post call is always advisable if traffic is less otherwise server load will be increased.

Referrer Filter settings

View solution in original post

4 Replies
Arun_Patidar
Correct answer by
Community Advisor
Community Advisor

Hi,

If you do server to server POST call, which makes it more secure than making POST call from client.

But in AEM 'Apache Sling Referrer Filter' configuration make sure the type of request which are allowed from particular domain, so AEM provide one more layer of security. So if you can go for client as well otherwise server side Post call is always advisable if traffic is less otherwise server load will be increased.

Referrer Filter settings

View solution in original post

a_mn1
Level 4
Level 4

Dear Arun, To be honest , I doubt if this has answered my question. How will you tackle the CSRF token filter issue here ?

Let me tell you how I have solved my issue.

1. In the "Adobe Grantite CSRF Filter", add my servlet to the exclusion list.

2. Check the Allow Empty in the "Apache Sling Referrer Filter".

With the above 2 changes my post request are working in both scenarios.

Now my doubt is , is this a recommened approach for doing POST request in a production publish instance.  How can I have an integration between a non aem system and AEM with POST.