CSRF token call giving empty response in AEM publish

Avatar

Avatar

nitinfuture

Avatar

nitinfuture

nitinfuture

20-08-2020

I am using CSRF token header in post form submission. In author instance, I am able to get CSRF token through call to /libs/granite/csrf/token.json but same call in publish instance is giving empty json i.e. { } when I am accessing it an anonymous user. Please let me know if there are any step to get valid CSRF token publish instance.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

ChitraMadan

MVP

Avatar

ChitraMadan

MVP

ChitraMadan
MVP

20-08-2020

Hi @nitinfuture ,

 

CSRF is meant to protect authenticated sessions. The basic idea is: the server provides a CSRF token to the client for all authenticated sessions. The client should pass the same CSRF token to the server with each subsequent request. So if a request came without the token, the server should ignore / log it. Your CSRF token should ideally only be passed to the client upon authentication.

 

https://docs.adobe.com/content/help/en/experience-manager-65/developing/introduction/csrf-protection...

 

Screenshot 2020-08-21 at 00.15.52.png

However, you can make an AJAX request to the CSRF token endpoint (/libs/granite/csrf/token.json), and include the returned token in your servlet request as the “CSRF-Token” header. Please add below mentioned configurations in your dispatcher:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/configuring-dispatcher-to-...

Answers (0)