Hi All,
Recently we have upgraded from AEM 6.0 to AEM 6.2.From 6.1 on wards there is a new security feature implemented and it's looks for csrf token generation when doing the ant POST,PUT and DELETE operation.I have observed one thing that token is generating when log-in into author and publish instances but this token is not generating when accessing live site pages through dispatcher or AKAMAI.We also made changes in dispatcher side to allow this token generation but still no new token is generating.
What are the other changes required to generate the token?
Thanks,
Kishore.
Solved! Go to Solution.
Views
Replies
Total Likes
Hi Kishkore,
Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.
Regards,
Peter
Hi Kishkore,
Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.
Regards,
Peter
The CSRF token is not required for GET requests, or anonymous requests.
AEM requires a valid CSRF token to be sent for authenticated POST, __PUT, or DELETE HTTP requests to both AEM Author and Publish services.
For details: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/developing/advanced/c....
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies