Can we remove POST filter from CSRF Filter and Sling Referrer Configuration

skadobe9
Level 1

12-04-2021

I created custom forms (not using the AEM Forms product) for my internal project, and it is working correctly on the external domain (www.example.com). Still, when the author tries to publish the form in the author instance, it throws a forbidden error in the console. After debugging the issue, when I remove the POST filter from both the CSRF filter and Sling referrer configuration, it works well in the author instance.

Question: in our OOTB configuration, we have a POST filter by default, so are there any cons for deleting the POST filter from these two configurations, or is there any other way I can solve this forbidden issue? Please let me know.

Sling referrer - [screenshot: saiduluk8166139_0-1618247828206.png]

CSRF filter - [screenshot: saiduluk8166139_1-1618247873894.png]

AEM 6.5.6 Configuration

Accepted Solutions (1)

jbrar
Employee

12-04-2021

Instead of removing POST (not safe), you can allow specific hosts that can make POST calls to AEM in the "Allowed Hosts" section. Ex: if www.example.com is making a POST call to AEM which is failing, you can add "allowed host" = "www.example.com" and it should start working. Share the error.log if this is still failing.
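The trade-off in the accepted reply, as an added example that is not part of the original thread and is not Sling's or AEM's code: a simplified Python model of a referrer check, comparing the default setup, POST removed from the filtered methods, and an allow-listed host. The function names, the default method set, the server host `author.example.test` and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed set of filtered methods for this model (not read from a real instance).
DEFAULT_METHODS = frozenset({"POST", "PUT", "DELETE"})
SERVER_HOST = "author.example.test"  # hypothetical AEM author host

# Constructed sample POST requests: Referer header per origin.
SAMPLE_POSTS = {
    "form": "https://www.example.com/contact",    # the site hosting the custom form
    "other": "https://unrelated.invalid/page",    # any other site on the internet
}

def referrer_allowed(method, referer, filter_methods=DEFAULT_METHODS,
                     allow_hosts=(), allow_empty=False):
    """Return True if the request passes the modelled referrer check."""
    if method.upper() not in filter_methods:
        return True                 # method not filtered: every origin passes
    if not referer:
        return allow_empty          # missing Referer header
    host = urlsplit(referer).hostname
    if host is None:
        return False                # no host to compare: rejected in this model
    allowed = {SERVER_HOST} | {h.lower() for h in allow_hosts}
    return host in allowed

def evaluate(filter_methods=DEFAULT_METHODS, allow_hosts=()):
    """Run every sample POST through one configuration."""
    return {name: referrer_allowed("POST", ref, filter_methods, allow_hosts)
            for name, ref in SAMPLE_POSTS.items()}

def compare():
    """The three configurations discussed in the thread."""
    return {
        "default": evaluate(),
        "post_removed": evaluate(filter_methods=DEFAULT_METHODS - {"POST"}),
        "host_allowed": evaluate(allow_hosts=("www.example.com",)),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:13} {result}")
```

Only the allow-listed configuration lets the form's POST through while still rejecting POSTs that arrive with any other site's Referer.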

Answers (0)