Configuring Dispatcher to Prevent CSRF Attacks | AEM Community Discussion

kautuk_sahni
Community Manager

Configuring Dispatcher to Prevent CSRF Attacks by Adobe Docs

Abstract

AEM provides a framework aimed at preventing Cross-Site Request Forgery attacks. In order to properly make use of this framework, you need to make the following changes to your dispatcher configuration:

1. In the /clientheaders section of your author-farm.any and publish-farm.any, add the following entry to the bottom of the list:

   CSRF-Token

2. In the /filters section of your author-farm.any and publish-farm.any or publish-filters.any file, add the following line to allow requests for /libs/granite/csrf/token.json through the dispatcher:

   # /glob is matched against the whole request line ("GET /path HTTP/1.1"), hence the leading "* "
   /0999 { /type "allow" /glob "* /libs/granite/csrf/token.json*" }

3. Under the /cache /rules section of your publish-farm.any, add a rule to block the dispatcher from caching the token.json file. Typically authors bypass caching, so you should not need to add the rule into your author-farm.any.

   /0999 { /glob "/libs/granite/csrf/token.json" /type "deny" }

Read Full Blog: Configuring Dispatcher to Prevent CSRF Attacks

Q&A

Please use this thread to ask the related questions.
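As an added example (not code from the Adobe documentation, the Dispatcher module, or the post above): a small Python script that parses a Dispatcher farm file and verifies the three settings from steps 1 to 3, so a change can be checked before it is deployed. It assumes the ordinary .any syntax (/name value, /name { ... }, bare list items, # comments), Dispatcher's last-matching-rule-wins evaluation of /filters and /cache /rules, /glob matched against the full request line for filters and against the path for cache rules, and two constructed farm fragments (FARM_BEFORE without the settings, FARM_AFTER with them); the sample configs and function names are hypothetical.

```python
"""Added example (not Adobe's code): parse a Dispatcher farm file and verify
the three CSRF settings. Assumes standard .any syntax and last-match-wins
evaluation of /filters and /cache /rules."""
import re

TOKEN_PATH = "/libs/granite/csrf/token.json"
# For /filters, /glob is matched against the request line (method, path, protocol).
TOKEN_REQUEST_LINE = f"GET {TOKEN_PATH} HTTP/1.1"

# Constructed sample farm files (hypothetical, not real customer configs).
# FARM_BEFORE lacks all three settings; FARM_AFTER applies steps 1-3 of the post.
FARM_BEFORE = r'''
/publishfarm {
  /clientheaders { "X-Forwarded-For" "Referer" }
  /filters {
    /0001 { /type "deny"  /glob "*" }
    /0002 { /type "allow" /url "/content/*" }
  }
  /cache { /rules { /0000 { /glob "*" /type "allow" } } }
}
'''

FARM_AFTER = r'''
/publishfarm {
  /clientheaders { "X-Forwarded-For" "Referer" "CSRF-Token" }        # step 1
  /filters {
    /0001 { /type "deny"  /glob "*" }
    /0002 { /type "allow" /url "/content/*" }
    /0999 { /type "allow" /glob "* /libs/granite/csrf/token.json*" } # step 2
  }
  /cache { /rules {
    /0000 { /glob "*" /type "allow" }
    /0999 { /glob "/libs/granite/csrf/token.json" /type "deny" }    # step 3
  } }
}
'''

# Tokens: quoted strings, braces, # comments (dropped later), bare words.
_TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|[{}]|#[^\n]*|[^\s{}"#]+')


def _parse_block(tokens, i):
    """Parse entries up to the matching '}'; return (block, next index).
    '/name value' pairs become dict keys; bare items (as in /clientheaders)
    are collected under '_items'. A bare '/flag' key without a value is not
    supported by this simplified parser."""
    block = {"_items": []}
    pending = None  # key waiting for its value
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "}":
            return block, i
        if tok == "{":
            value, i = _parse_block(tokens, i)
        elif tok.startswith('"'):
            value = tok[1:-1]
        elif tok.startswith("/") and pending is None:
            pending = tok[1:]
            continue
        else:
            value = tok  # unquoted value
        if pending is None:
            block["_items"].append(value)
        else:
            block[pending] = value
            pending = None
    raise ValueError("unterminated block")


def parse_any(text):
    """Parse a whole .any file into nested dicts."""
    tokens = [t for t in _TOKEN_RE.findall(text) if not t.startswith("#")]
    block, _ = _parse_block(tokens + ["}"], 0)
    return block


def _glob_to_re(pattern):
    """Dispatcher globs: '*' matches any run of characters, '?' one character."""
    body = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile("^" + body + "$")


def _last_match(entries, targets):
    """Walk numbered entries in order; the last matching entry's /type wins.
    targets maps a pattern attribute ('glob' or 'url') to the string it is
    matched against; other filter attributes (/method, /path, ...) are ignored."""
    decision = None
    for key in sorted(k for k in entries if k != "_items"):
        entry = entries[key]
        if not isinstance(entry, dict):
            continue
        for attr, target in targets.items():
            if attr in entry and _glob_to_re(entry[attr]).match(target):
                decision = entry.get("type")
                break
    return decision


def check_farm(text, require_cache_deny=True):
    """Return {check_name: passed}. Use require_cache_deny=False for an author
    farm, which normally bypasses the cache (step 3 is publish-only)."""
    farm = parse_any(text)
    body = next(v for k, v in farm.items() if k != "_items" and isinstance(v, dict))
    headers = body.get("clientheaders", {}).get("_items", [])
    filters = body.get("filters", {})
    rules = body.get("cache", {}).get("rules", {})
    results = {
        "clientheader_forwarded": any(h.lower() == "csrf-token" for h in headers),
        "token_request_allowed": _last_match(
            filters, {"glob": TOKEN_REQUEST_LINE, "url": TOKEN_PATH}) == "allow",
    }
    if require_cache_deny:
        results["token_not_cached"] = _last_match(rules, {"glob": TOKEN_PATH}) == "deny"
    return results
```

Running check_farm(FARM_BEFORE) reports all three checks as failed, and check_farm(FARM_AFTER) reports all three as passed; the ordering matters, since a later "deny *" filter or "allow *" cache rule placed after the /0999 entries would silently undo them, which is exactly the kind of mistake the last-match simulation catches.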


0 Replies