I am calling my servlet from an external application, creating an Ajax call, invoking the CSRF token and uploading an asset to them.
I get a 403 while invoking the servlet. If I remove POST from the referrer it works. Is there any way to remove the POST restriction for a particular servlet?
You can also remove auth requirements so your 3rd party app can successfully invoke it.
How do I do that? Any security issue doing it?
And if I remove auth req to the servlet, how does it upload the file to DAM? I am sending the CSRF token in the header for the servlet to add the file to DAM. Will it not impact?
Example here - Adobe Experience Manager Help | Creating Java Swing applications that posts files to AEM ClientLibs ...
Did you update the Apache Sling Referrer Filter configuration in order to add the host (Allow Hosts property) which can post to AEM?
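
An added example, not part of the thread: an OSGi configuration for the Apache Sling Referrer Filter that allows one external host to post while leaving the POST check in place, as the last reply suggests. The host name `partner.example.com` is a constructed placeholder, and the file name assumes the `.cfg.json` configuration format.

```json
// Added example: org.apache.sling.security.impl.ReferrerFilter.cfg.json
// "partner.example.com" is a constructed placeholder for the external application's host.
{
  // Keep the referrer check on all state-changing methods.
  // Removing "POST" here turns the check off for every POST on the instance,
  // not just for one servlet.
  "filter.methods": ["POST", "PUT", "DELETE"],

  // Reject modifying requests that carry no Referer header at all.
  "allow.empty": false,

  // Exact host names accepted as referrer, in addition to the instance's own.
  "allow.hosts": ["partner.example.com"],

  // Leave the pattern list empty unless a pattern is really needed;
  // a loose regular expression widens the allow list.
  "allow.hosts.regexp": []
}
```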