Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Allow Post request on AEM page from external application

Avatar

Level 2
Level 2
‎02-05-2022 14:20 PDT

Hi All,

I am using AEM 6.4. One of our external team is trying to redirect on our AEM page and sending data through form action as POST request but our AEM page is not accessible from third party side. Please suggest how can I allow Post request on AEM page from external side.

I have checked the logs, dispatcher is blocking the request and request is not able to reach upto Publisher.

 

thanks

Views

185

Replies

8

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
‎03-05-2022 05:46 PDT

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@Arun_Patidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

 

We need to follow the above step also, correct me.

View solution in original post

Views

157

Replies

6

Total Likes

Translate
Translate
Jump to reply
8 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
‎03-05-2022 05:46 PDT

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@Arun_Patidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

 

We need to follow the above step also, correct me.

Views

158

Replies

6

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
‎04-05-2022 18:02 PDT
In response to DEBAL_DAS

@DEBAL_DAS @Arun_Patidar Thanks Arun and Debal for the suggestions. I have updated the configuration on Dispatcher level and added the rule to allow the POST request but I am still not able to access the URL. Now we are getting below error in logs:

"org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request"

 

 Is this error coming because Apache sling Referrer is blocking POST request because of referrer check ?

Can I remove POST method from Filter methods list and check allow empty? But in this case it will allow for all the urls, how can I allow POST request only for one particular URL.

 

Thanks

Views

131

Replies

4

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
‎04-05-2022 21:23 PDT
In response to sunily21159739

I will segregate the entire process in two steps.

Step1: we can block all undesired POST requests via dispatcher request and allow the desired one only.

Step2: Make necessary change at Apache sling Referrer Filter to allow that desired POST request to reach AEM.

Views

128

Replies

3

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
‎10-05-2022 15:37 PDT
In response to DEBAL_DAS

Hi @DEBAL_DAS : After updating Apache sling Referrer Filter to allow POST request, 403 error gone but now 500 error is coming on Publisher level.

Please suggest:

05.05.2022 12:17:03.421 *ERROR* [10.112.199.8 [1651778223418] POST /content/kDealer/en/kdealersso.html HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing.

org.apache.sling.api.resource.PersistenceException: Resource at '/content/kDealer/en/kdealersso' is not modifiable.

 

Thanks

Views

86

Replies

2

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
‎11-05-2022 19:43 PDT
In response to DEBAL_DAS

Hi @DEBAL_DAS 

I have checked the link shared by you, but the difference is in our case we have content url not the servlet path. How can I give content path and where, is there any option to add content path to resolve this issue. Any suggestion.

 

thanks

Views

40

Replies

0

Total Likes

Translate
Translate