Hi all,
I am using the Ajax call the post servlet and is getting the 403 forbidden error in the aurhor instance.
In the AEM 6.1, I can call "/libs/granite/csrf/token.json" to get the token and the set the this token to the header of the Ajax. Then Ajax can successfully call the post servlet.
headers: {
"X-CSRFToken": token,
"CSRF-Token": token
}
But in the AEM 6.5, even I have set the header, but still getting the 403 error. Does anyone know how to fix it in the AEM 6.5.
BTW : I don't want to change OSGI, I just want a way to change the code of the JS and HTML to fix it.
Thanks,
Forrest
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @ForrestLi
Are you trying to access http://localhost:4502/libs/granite/csrf/token.json and it does not return CSRF on author?
That's weird. It should work if you are logged in.
By the way why you need to set the header explicitely when it should implicitely set the header with CSRF token from author while making a POST call.
Thanks!
Views
Replies
Total Likes
Hi @ForrestLi
Are you trying to access http://localhost:4502/libs/granite/csrf/token.json and it does not return CSRF on author?
That's weird. It should work if you are logged in.
By the way why you need to set the header explicitely when it should implicitely set the header with CSRF token from author while making a POST call.
Thanks!
Views
Replies
Total Likes
Interesting!!!
Im the AEM 6.1, I need to add header to call post servlet. But in the AEM 6.5, I just removed the header and then I can call post servelt without 403 error.
Views
Replies
Total Likes