Configuring Dispatcher to Prevent CSRF Attacks | AEM Community Discussion
Configuring Dispatcher to Prevent CSRF Attacks by Adobe Docs
Abstract
AEM provides a framework aimed at preventing Cross-Site Request Forgery attacks. In order to properly make use of this framework, you need to make the following changes to your dispatcher configuration:
1. In the /clientheaders section of your author-farm.any and publish-farm.any, add the following entry to the bottom of the list: CSRF-Token
2. In the /filters section of your author-farm.any and publish-farm.any or publish-filters.any file, add the following line to allow requests for /libs/granite/csrf/token.json through the dispatcher. /0999 { /type "allow" /glob " * /libs/granite/csrf/token.json*" }
3. Under the /cache /rules section of your publish-farm.any , add a rule to block the dispatcher from caching the token.json file. Typically authors bypass caching, so you should not need to add the rule into your author-farm.any . /0999 { /glob "/libs/granite/csrf/token.json" /type "deny" }
Read Full Blog
Configuring Dispatcher to Prevent CSRF Attacks
Q&A
Please use this thread to ask the related questions.
Kautuk Sahni
Topics
Topics help categorize Community content and increase your ability to discover relevant content.
