Adobe Experience Manager Sites & More

GK-AEM · 11/21/16

Hi All,

Recently we have upgraded from AEM 6.0 to AEM 6.2.From 6.1 on wards there is a new security feature implemented and it's looks for csrf token generation when doing the ant POST,PUT and DELETE operation.I have observed one thing that token is generating when log-in into author and publish instances but this token is not generating when accessing live site pages through dispatcher or AKAMAI.We also made changes in dispatcher side to allow this token generation but still no new token is generating.

What are the other changes required to generate the token?

Thanks,

Kishore.

Peter_Puzanovs · 11/21/16

Hi Kishkore,

Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.

Regards,

Peter

View solution in original post

Peter_Puzanovs · 11/21/16

Hi Kishkore,

Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.

Regards,

Peter

aanchal-sikka · 12/26/23

The CSRF token is not required for GET requests, or anonymous requests.

AEM requires a valid CSRF token to be sent for authenticated POST, __PUT, or DELETE HTTP requests to both AEM Author and Publish services.

For details: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/developing/advanced/c....

Aanchal Sikka