Can we remove POST filter from CSRF Filter and Sling Referrer Configuration | Community
April 12, 2021
Solved

Can we remove POST filter from CSRF Filter and Sling Referrer Configuration


I created custom forms (not using the AEM Forms product) for my internal project, and it is working correctly on the external domain (www.example.com). Still, when the author tries to publish the form in the author instance, it throws a forbidden error in the console. After debugging the issue, when I remove the POST filter from both the CSRF filter and the Sling referrer configuration, it works well in the author instance.

Question: in our OOTB configuration, we have a POST filter by default, so are there any cons for deleting the POST filter from these two configurations, or is there any other way I can solve this forbidden issue? Please let me know.

Sling referrer -

CSRF filter


user05162 (Adobe Employee), accepted solution
April 12, 2021

Instead of removing POST (not safe), you can allow specific hosts that can make POST calls to AEM in the "Allowed Hosts" section. Example: if www.example.com is making a POST call to AEM which is failing, you can add "allowed host" = "www.example.com" and it should start working. Share the error.log if this is still failing.
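
To compare the two options discussed above (dropping POST from the filtered methods versus allow-listing the host), here is an added example that is not part of the original thread and is not Sling's or Adobe's code: a simplified Python model of a referrer allow-list check. The dictionary keys mirror the Sling Referrer Filter's OSGi property names; the decision logic, the `other-site.invalid` host and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Simplified model of a referrer allow-list check. Key names mirror the
# Apache Sling Referrer Filter OSGi properties; the logic below is an
# assumption for illustration, not Sling's implementation.
DEFAULT = {
    "filter.methods": ["POST", "PUT", "DELETE"],
    "allow.hosts": [],
    "allow.empty": False,
}

def is_request_allowed(method, referer, config,
                       local_hosts=("localhost", "127.0.0.1")):
    """Return True if the request passes the modelled referrer check."""
    if method.upper() not in config["filter.methods"]:
        return True  # method is not filtered: no origin check happens at all
    if not referer:
        return config["allow.empty"]
    host = urlsplit(referer).hostname  # lowercased by urlsplit, None if relative
    if host is None:
        return True  # relative referrer, treated as same site
    allowed = {h.lower() for h in config["allow.hosts"]} | set(local_hosts)
    return host in allowed

def compare_configs(requests):
    """Evaluate the same requests against three configurations."""
    configs = {
        "default": DEFAULT,
        "post_removed": {**DEFAULT, "filter.methods": ["PUT", "DELETE"]},
        "host_allowed": {**DEFAULT, "allow.hosts": ["www.example.com"]},
    }
    return {name: [is_request_allowed(m, r, cfg) for m, r in requests]
            for name, cfg in configs.items()}

# Constructed sample requests: (method, Referer header value)
SAMPLE_REQUESTS = [
    ("POST", "https://www.example.com/forms/contact.html"),  # the site's own form
    ("POST", "https://other-site.invalid/page.html"),        # unrelated origin
    ("POST", ""),                                            # no Referer header
    ("GET", "https://other-site.invalid/page.html"),         # unfiltered method
]

if __name__ == "__main__":
    for name, results in compare_configs(SAMPLE_REQUESTS).items():
        print(f"{name:13} {results}")
```

In this model, removing POST lets every POST through regardless of origin, while adding the host to the allow list accepts only the form's own site and keeps rejecting the unrelated origin and the empty referrer.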

skadobe9 (Author)
April 16, 2021

@user05162 Can we remove POST filter method from CSRF filter?