SOLVED

CSRF-Token is not working in AEM 6.5

Level 3

Hi all,

 

I am using an Ajax call to the POST servlet and am getting a 403 Forbidden error on the author instance.

In AEM 6.1, I can call "/libs/granite/csrf/token.json" to get the token and then set this token in the header of the Ajax call. Then the Ajax call can successfully reach the POST servlet.

 

headers: {
"X-CSRFToken": token,
"CSRF-Token": token
} 

 

 

But in AEM 6.5, even though I have set the header, I am still getting the 403 error. Does anyone know how to fix it in AEM 6.5?

BTW: I don't want to change OSGi; I just want a way to change the JS and HTML code to fix it.

 

Thanks,

Forrest

1 Accepted Solution

Correct answer by
Community Advisor

Hi @ForrestLi 

 

Are you trying to access http://localhost:4502/libs/granite/csrf/token.json and it does not return CSRF on author?

That's weird. It should work if you are logged in.

 

By the way, why do you need to set the header explicitly when it should be set implicitly with the CSRF token from author while making a POST call?

 

Thanks!

2 Replies


Level 3

Interesting!!!

In AEM 6.1, I need to add the header to call the POST servlet. But in AEM 6.5, I just removed the header and then I can call the POST servlet without a 403 error.
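
The explicit token flow described in the question (fetch the token from /libs/granite/csrf/token.json, then send it in the CSRF-Token header), written out as an added example that is not code from any post in this thread. It assumes the endpoint returns JSON with a `token` field; the `fetchImpl` parameter, the stub server and the servlet path used with it are hypothetical, and the stub only imitates a server-side token check so the flow runs offline.

```javascript
// Added example, not from the thread. fetchImpl is injected so the flow can be
// exercised offline; in a browser, pass window.fetch.bind(window).
const TOKEN_ENDPOINT = "/libs/granite/csrf/token.json"; // path quoted in the thread

async function fetchCsrfToken(fetchImpl) {
  // The token belongs to the logged-in session, so the session cookie must be sent.
  const res = await fetchImpl(TOKEN_ENDPOINT, { credentials: "same-origin", cache: "no-store" });
  if (!res.ok) throw new Error("token request failed: HTTP " + res.status);
  const body = await res.json();
  // Assumption: the response is a JSON object with a non-empty "token" string.
  if (!body || typeof body.token !== "string" || body.token === "") {
    throw new Error("no CSRF token returned; is the session logged in?");
  }
  return body.token;
}

async function postWithCsrf(fetchImpl, url, fields) {
  // Request a token immediately before the POST instead of reusing an old one.
  const token = await fetchCsrfToken(fetchImpl);
  return fetchImpl(url, {
    method: "POST",
    credentials: "same-origin",
    headers: {
      "CSRF-Token": token, // header name used in the question
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams(fields).toString(),
  });
}

// Constructed stand-in for the author instance: hands out one token and
// answers 403 to any POST that does not carry it.
function makeStubServer(validToken) {
  return async function stubFetch(url, opts = {}) {
    if (url === TOKEN_ENDPOINT) {
      return { ok: true, status: 200, json: async () => ({ token: validToken }) };
    }
    const sent = (opts.headers || {})["CSRF-Token"];
    const ok = opts.method === "POST" && sent === validToken;
    return { ok, status: ok ? 200 : 403, json: async () => ({}) };
  };
}
```
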