Configuring Dispatcher to Prevent CSRF Attacks | AEM Community Discussion

kautuk_sahni
Community Manager

10-05-2020

Configuring Dispatcher to Prevent CSRF Attacks by Adobe Docs

Abstract

AEM provides a framework aimed at preventing Cross-Site Request Forgery (CSRF) attacks. The framework issues a CSRF token that the client sends back on state-changing requests, so the dispatcher must forward that header, let the token request through, and never serve a cached token. To make proper use of this framework, make the following changes to your dispatcher configuration:

1. In the /clientheaders section of your author-farm.any and publish-farm.any, add the following entry to the bottom of the list:

   "CSRF-Token"

2. In the /filters section of your author-farm.any and publish-farm.any (or publish-filters.any) file, add the following line to allow requests for /libs/granite/csrf/token.json through the dispatcher. The glob is matched against the whole request line, so it starts with "*" to cover the HTTP method:

   /0999 { /type "allow" /glob "* /libs/granite/csrf/token.json*" }

3. Under the /cache /rules section of your publish-farm.any, add a rule to block the dispatcher from caching the token.json file. Typically authors bypass caching, so you should not need to add the rule to your author-farm.any:

   /0999 { /glob "/libs/granite/csrf/token.json" /type "deny" }
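A quick way to verify that a farm file carries all three settings is to audit it with a script. The one below is an added example, not code from the Adobe docs or from this post; it assumes the /clientheaders, /filters and /cache /rules blocks are written inline in the farm file (files pulled in via $include are not followed) and the farm file path is hypothetical.

```shell
#!/bin/sh
# Added example: audit a dispatcher farm file for the three CSRF settings
# described above. Assumes the /clientheaders, /filters and /cache /rules
# blocks are written inline in the file ($include'd files are not followed).

# Print the lines of the first block whose opening line contains $2
# (e.g. /clientheaders), tracking brace depth so nested blocks are kept.
section_body() {  # $1 = farm file, $2 = block name
  awk -v name="$2" '
    !done && !inblock && index($0, name) { inblock = 1 }
    inblock {
      print
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth <= 0) { inblock = 0; done = 1 }
    }
  ' "$1"
}

# Report each missing CSRF setting on stdout; the exit status is the number
# of missing settings (0 means the farm file has everything it needs).
check_csrf_config() {  # $1 = farm file, $2 = "author" or "publish"
  missing=0
  # 1. The CSRF-Token request header must be forwarded to AEM.
  section_body "$1" /clientheaders | grep -q '"CSRF-Token"' \
    || { echo "missing: \"CSRF-Token\" in /clientheaders"; missing=$((missing + 1)); }
  # 2. A filter must allow requests for /libs/granite/csrf/token.json.
  section_body "$1" /filters | grep '"allow"' | grep -q 'csrf/token\.json' \
    || { echo "missing: allow filter for /libs/granite/csrf/token.json"; missing=$((missing + 1)); }
  # 3. On publish, the token response must never be served from the cache.
  if [ "$2" = publish ]; then
    section_body "$1" /rules | grep '"deny"' | grep -q 'csrf/token\.json' \
      || { echo "missing: cache deny rule for /libs/granite/csrf/token.json"; missing=$((missing + 1)); }
  fi
  return "$missing"
}
```

Run it as `check_csrf_config /etc/httpd/conf.dispatcher.d/enabled_farms/publish-farm.any publish` (path hypothetical); a non-zero exit status lists what is still missing.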

Q&A

Please use this thread to ask related questions.