AEM with CDN how to handle csrf token

Question

I understand the csrf token should not be cached at the dispatcher level. How does this play out when a CDN is in front of the dispatcher? Is it OK for the CDN to cache the csrf token? Would that be a likely configuration by default? Should we instead configure the CDN to forward the tokens back to the dispatcher, like we can do with cookies, query string parameters, etc. I'm wondering if cached content is vulnerable to the attacks the token aims to prevent?

Thanks for any info!

Ravi_Pampana · Accepted Answer

Hi,In that case you can cache csrf token at Akamai or block it at Akamai as making csrf call does not make any impact.

Ravi_Pampana · Answer

Hi,

Are you making anonymous call to publisher ? If so csrf token will be empty and no need to pass to dispatcher, it can be cached in CDN or can be blocked.

For more information: https://experienceleague.adobe.com/docs/experience-manager-65/developing/introduction/csrf-protection.html?lang=en

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded