Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Allow Post request on AEM page from external application

Avatar

Level 2

Hi All,

I am using AEM 6.4. One of our external team is trying to redirect on our AEM page and sending data through form action as POST request but our AEM page is not accessible from third party side. Please suggest how can I allow Post request on AEM page from external side.

I have checked the logs, dispatcher is blocking the request and request is not able to reach upto Publisher.

 

thanks

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@Arun_Patidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

 

We need to follow the above step also, correct me.

View solution in original post

8 Replies

Avatar

Correct answer by
Community Advisor

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@Arun_Patidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

 

We need to follow the above step also, correct me.

Avatar

Level 2

@DEBAL_DAS @Arun_Patidar Thanks Arun and Debal for the suggestions. I have updated the configuration on Dispatcher level and added the rule to allow the POST request but I am still not able to access the URL. Now we are getting below error in logs:

"org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request"

 

 Is this error coming because Apache sling Referrer is blocking POST request because of referrer check ?

Can I remove POST method from Filter methods list and check allow empty? But in this case it will allow for all the urls, how can I allow POST request only for one particular URL.

 

Thanks

Avatar

Community Advisor

I will segregate the entire process in two steps.

Step1: we can block all undesired POST requests via dispatcher request and allow the desired one only.

Step2: Make necessary change at Apache sling Referrer Filter to allow that desired POST request to reach AEM.

Avatar

Level 2

Hi @DEBAL_DAS : After updating Apache sling Referrer Filter to allow POST request, 403 error gone but now 500 error is coming on Publisher level.

Please suggest:

05.05.2022 12:17:03.421 *ERROR* [10.112.199.8 [1651778223418] POST /content/kDealer/en/kdealersso.html HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing.

org.apache.sling.api.resource.PersistenceException: Resource at '/content/kDealer/en/kdealersso' is not modifiable.

 

Thanks

Avatar

Level 2

Hi @DEBAL_DAS 

I have checked the link shared by you, but the difference is in our case we have content url not the servlet path. How can I give content path and where, is there any option to add content path to resolve this issue. Any suggestion.

 

thanks