CSRF token call giving empty response in AEM publish

nitinfuture

20-08-2020

I am using a CSRF token header in POST form submission. In the author instance, I am able to get the CSRF token through a call to /libs/granite/csrf/token.json, but the same call in the publish instance gives an empty JSON, i.e. { }, when I am accessing it as an anonymous user. Please let me know if there are any steps to get a valid CSRF token in the publish instance.

Accepted Solutions (1)

ChitraMadan

20-08-2020

Hi @nitinfuture,

CSRF is meant to protect authenticated sessions. The basic idea is: the server provides a CSRF token to the client for all authenticated sessions. The client should pass the same CSRF token to the server with each subsequent request. So if a request came without the token, the server should ignore / log it. Your CSRF token should ideally only be passed to the client upon authentication.

https://docs.adobe.com/content/help/en/experience-manager-65/developing/introduction/csrf-protection...

However, you can make an AJAX request to the CSRF token endpoint (/libs/granite/csrf/token.json), and include the returned token in your servlet request as the “CSRF-Token” header. Please add the below-mentioned configurations in your dispatcher:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/configuring-dispatcher-to-...

Answers (0)
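
The token-fetch flow described in the accepted answer, as an added example that is not part of the original posts and is not Adobe's code: it requests the token endpoint, treats the empty `{ }` response from the question as "no token", and only then sets the header. The function names and the `token` field name in the JSON are assumptions; the endpoint path and the `CSRF-Token` header name are from the thread.

```javascript
// Added example; function names and the "token" JSON field are assumptions.
const TOKEN_ENDPOINT = "/libs/granite/csrf/token.json"; // path from the thread
const TOKEN_HEADER = "CSRF-Token";                      // header name from the thread

// Parse the endpoint's response body. Returns the token string, or null when
// the body is empty JSON ({}), is not JSON at all, or has a blank/non-string token.
function extractToken(bodyText) {
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (e) {
    return null; // e.g. an HTML error page returned by a proxy in front of the server
  }
  if (parsed === null || typeof parsed !== "object") return null;
  const token = parsed.token;
  return typeof token === "string" && token.trim() !== "" ? token : null;
}

// Build request headers. The CSRF header is added only when a token exists,
// so an anonymous session never sends an empty or "undefined" header value.
function buildHeaders(token, base = {}) {
  const headers = { ...base };
  if (token) headers[TOKEN_HEADER] = token;
  return headers;
}

// Fetch a fresh token, then submit the form. fetchImpl is injectable so the
// flow can be exercised with a stub instead of a live server.
async function postWithCsrf(url, formData, fetchImpl = fetch) {
  const res = await fetchImpl(TOKEN_ENDPOINT, {
    credentials: "same-origin", // the token is tied to the session cookie
    cache: "no-store",          // never reuse a cached token response
  });
  const token = res.ok ? extractToken(await res.text()) : null;
  return fetchImpl(url, {
    method: "POST",
    credentials: "same-origin",
    headers: buildHeaders(token),
    body: formData,
  });
}
```
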