Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
SOLVED

CSRF token is not generating when accessing live site pages[Dispatcher/AKAMAI]

Avatar

Level 9

Hi All,

Recently we have upgraded from AEM 6.0 to AEM 6.2.From 6.1 on wards there is a new security feature implemented and it's looks for csrf token generation when doing the ant POST,PUT and DELETE operation.I have observed one thing that token is generating when log-in into author and publish instances but this token is not generating when accessing live site pages through dispatcher or AKAMAI.We also made changes in dispatcher side to allow this token generation but still no new token is generating.

What are the other changes required to generate the token?

Thanks,

Kishore.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi Kishkore,

Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.

Regards,

Peter

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hi Kishkore,

Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.

Regards,

Peter

Avatar

Community Advisor

The CSRF token is not required for GET requests, or anonymous requests.

 

AEM requires a valid CSRF token to be sent for authenticated POST, __PUT, or DELETE HTTP requests to both AEM Author and Publish services.

 

For details: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/developing/advanced/c....


Aanchal Sikka