Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

CSRF token is not generating when accessing live site pages[Dispatcher/AKAMAI]

Avatar

Level 9

Hi All,

Recently we have upgraded from AEM 6.0 to AEM 6.2.From 6.1 on wards there is a new security feature implemented and it's looks for csrf token generation when doing the ant POST,PUT and DELETE operation.I have observed one thing that token is generating when log-in into author and publish instances but this token is not generating when accessing live site pages through dispatcher or AKAMAI.We also made changes in dispatcher side to allow this token generation but still no new token is generating.

What are the other changes required to generate the token?

Thanks,

Kishore.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi Kishkore,

Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.

Regards,

Peter

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hi Kishkore,

Yes, you need to set Akamai for that path with rule DO_NOT_CACHE as well as configure Dispatcher to do not cache your CSRF tokens.

Regards,

Peter

Avatar

Community Advisor

The CSRF token is not required for GET requests, or anonymous requests.

 

AEM requires a valid CSRF token to be sent for authenticated POST, __PUT, or DELETE HTTP requests to both AEM Author and Publish services.

 

For details: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/developing/advanced/c....


Aanchal Sikka