Adobe Experience Manager Sites & More

akhilraj · 5/23/23

Hi,

After we enabled SAML authentication, all our post calls were failing with 403.

We resolved it by adding "granite.csrf.standalone" clientlib into template level.

But now in EDGE browser, after some idle time, CSRF token generation API(/libs/granite/csrf/token.json_ loading from Edge browser cache and not giving actual token as response.

Because of this all POST calls are failing with 403 until we clear cache manually.

Is there any way we can block this API loading from Disc cache(Browser) ?

Response:

Post Call:

Expected Response:

akhilraj · 5/25/23

Thanks @aanchal-sikka for the information.

Actually, when it was loading from server no-cache was available for cache-control.

But when it is loading from disc it was not available.

And we have fixed the issue now.

Root Cause:

The issue appears to be caused by token.json file cached on the nodes where the issue is observed We have added the rule to disable caching of token.json on publish dispatchers and removed the cached file.

/0003

{

#Deny caching of CSRF token.json

/glob "/libs/granite/csrf/token.json"

/type "deny"

}

token.json cache was available for few dispatchers and it caused the issue. Post clearing dispatcher cache under /srv/www/cache/publish/libs/granite/csrf' resolved the issue.

View solution in original post

nitesh_kumar · 5/23/23

Hi @akhilraj ,

You could make use of cache configuration to control it for specific path(s).

Cache-Control: no-cache

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

Also, validate dispatcher configuration.

Under the /cache /rules section of your publish-farm.any, add a rule to block the dispatcher from caching the token.json file.

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/configuring-...

Hope this helps!

Regards,

Nitesh

akhilraj · 5/24/23

Hi @nitesh_kumar ,

We have this configuration already present.

But in EDGE browser after some time out, then it is loading from Browser cache only. and not giving proper response

somen-sarkar · 5/24/23

Hi @akhilraj ,

So the issue is happening only for Edge browser ? How is the behaviour in Chrome, mozilla etc ?

Thanks,

Somen

akhilraj · 5/24/23

Hi @somen-sarkar ,

issue is available in Chrome as well

If we uncheck Disable cache, it is loading from disc cache. But in lower environment it is always getting data from Server.

aanchal-sikka · 5/25/23

Hello @akhilraj

Can you please verify the value of Cache-control header in the request? For us, its set as no-cache and its not loaded from disk cache

- Do you have an AEM 6.5 or a Cloud Instance?

- If Cloud, could you have possibly used

Define DISABLE_DEFAULT_CACHING

Please try setting the Cache-control header as nocache and check.

Aanchal Sikka

akhilraj · 5/25/23