ajax service call not triggered while on dispatcher | Community
Skip to main content
sreenu539
sreenu539
Level 7
November 28, 2017
Question

ajax service call not triggered while on dispatcher

  • November 28, 2017
  • 8 replies
  • 3302 views

Hi All,

I am seeing "unable to read csrf meta information" on IE edge (11) and chrome is working fine. Page keeps on loading and never completed loading.

If I access the publish urls without dispatcher IE11 pages loading fine. (all ajax calls triggered fine)

If I access the publish servers through dispatcher urls, IE11 pages not loading completely. ( some ajax service calls not triggered )

Why does the certain ajax calls are not triggered while on dispatcher ? ( every ajax request is going through same aem servlet ).

Thanks,

Sree

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

8 replies

kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
November 29, 2017

From AEM 6.1, it introduced crf and for any post request it should have valid token.   Verify your dispatcher.any & in filter allow for the same. Details at The Dispatcher Security Checklist

Just make sure, your http/https call is allowed at dispatcher level. As you know, most of the time, all JSON calls are denied at the dispatcher. So, let that filter be as it is and adds another filter to allow your call (token.json)

Source:- csrf url redirection

Kautuk Sahni
sreenu539
sreenu539Author
Level 7
November 30, 2017

kautuksahni​ : thank you for the replyl.

Just to give the background, application is migrated from AEM 6.1 to AEM 6.3 ( Environment : Windows 7 OS, IE11 browser).

On AEM 6.1, application does not have any issues through dispatcher url.

On AEM 6.3, when application accessed through dispatcher url:

AEM 6.3 not sending some of the ajax POST webservice requests to the backend server. ( all webservice requests are channeled through an AEM Servlet)

In dispatcher.any file, I do have the /libs/ .../csrf/* as allow in the filter section.

if I access, publish url directly, all ajax service calls are going through and I see the pages loading properly.

Do I need to add "CSRF-TOKEN" in clientheaders section of dispatcher.any file?

Do I need to have "CSRF-TOKEN" defined in application as some meta tag?

Could you please shed some light on this behavior ?

sreenu539
sreenu539Author
Level 7
December 3, 2017

Issue is happening with or without dispatcher. I am able to reproduce the issue on publisher instance.

how to get the csrf token and send while making an ajax call?

one of ajax post call is failing with "unable to read csrf meta information" and trying to get the code working.

appreciate any help. some pesudocode here:

getFundData: function(resortId, requestData) {

        var fundPromise = $.Deferred();

        $.ajax({

            type: 'POST',

            url: serviceUrl,

            data: JSON.stringify(requestData),

            dataType: 'json',

            contentType : 'application/json',

            success: function(response) {

                fundPromise.resolve(response);

            },

            error : function(errorMsg) {

                fundPromise.reject(errorMsg);

            }

        });

        return fundPromise;

    }

sreenu539
sreenu539Author
Level 7
December 3, 2017

This issue is happening due to csrf.js located in libs/grantie/jquery/granite path

In the following code for POST requests "this._csrf" value set to true and the following code goes to fail function which results in aborting ajax post calls.

could anyone from adobe staff can help ?

XMLHttpRequest.prototype.send = function(method) {

        if (!this._csrf) {

            send.apply(this, arguments);

            return;

        }

        if (globalToken) {

            this.setRequestHeader(HEADER_NAME, globalToken);

            send.apply(this, arguments);

            return;

        }

        var self = this;

        var args = Array.prototype.slice.call(arguments);

        promise.then(function(token) {

self.setRequestHeader(HEADER_NAME, token);

send.apply(self, args);

        }, function() {

            if (window.console) {

                console.error('Unable to read CSRF meta information');

            }

send.apply(self, args);

        });

    };

kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
December 7, 2017

Jörg Hoh​ Any help here?

Kautuk Sahni
kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
December 7, 2017

You need to allow /libs/granite/csrf/token.json as well as the CSRF-Token header in the dispatcher (The Dispatcher Security Checklist ).

For the CSRF token, if you are dependant on the granite.jquery clientlib, then it should be available by default. Else, you need to add granite.csrf.standalone dependency in your client library so as to enable the CSRF framework. More about this can be found here.

See The CSRF Protection Framework

Kautuk Sahni
sreenu539
sreenu539Author
Level 7
December 15, 2017

/csrf/token.json is allowed at dispatcher.any level

contexthub cart.json ajax post call is failing in the csrf.js.

For now , disabled contexthub, so there will bo no invalidstateerror and application ajax calls are executing.

Jitendra_S_Toma
Jitendra_S_Toma
Level 10
December 26, 2017

sreenu539​,

Go to publish OSGI console and make sure you have referrer (Apache referrer) configuration domain. it should be added here. Basically it needs domain name where you are POST request is coming. Try without any protocol e.g google.com, your-hostname.com

Just try and let me know.

Regards,

Jitendra

Terms & ConditionsAccessibility statement

Loading footer...