SOLVED

CSRF-Token is not working in AEM 6.5

ForrestLi
Level 2

Hi all,

I am using an Ajax call to the POST servlet and am getting the 403 Forbidden error in the author instance.

In AEM 6.1, I can call "/libs/granite/csrf/token.json" to get the token and then set this token in the header of the Ajax call. Then Ajax can successfully call the POST servlet.

headers: {
    "X-CSRFToken": token,
    "CSRF-Token": token
}

But in AEM 6.5, even though I have set the header, I am still getting the 403 error. Does anyone know how to fix it in AEM 6.5?

BTW: I don't want to change OSGi, I just want a way to change the JS and HTML code to fix it.

Thanks,

Forrest

1 Accepted Solution
asutosh_jena
Correct answer by
Community Advisor

Hi @ForrestLi

Are you trying to access http://localhost:4502/libs/granite/csrf/token.json and it does not return CSRF on author?

That's weird. It should work if you are logged in.

By the way, why do you need to set the header explicitly when it should implicitly set the header with the CSRF token from author while making a POST call?

Thanks!


2 Replies

ForrestLi
Level 2

Interesting!!!

In AEM 6.1, I need to add the header to call the POST servlet. But in AEM 6.5, I just removed the header and then I can call the POST servlet without the 403 error.
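
For scripts that do attach the token themselves, as the question describes, here is one way to do it; this is an added example, not code from the thread or from Adobe. It assumes the token endpoint answers with `{"token": "..."}` and that a 403 can mean the cached token has gone stale; the function names and the in-memory stand-in for the author instance are hypothetical.

```javascript
// Added example, not from the thread. Only the token endpoint and the
// CSRF-Token header name come from the posts; all other names are hypothetical.
const TOKEN_ENDPOINT = "/libs/granite/csrf/token.json";
let cachedToken = null;

// Ask the author instance for a token using the logged-in session's cookies.
async function fetchCsrfToken(fetchImpl) {
  const res = await fetchImpl(TOKEN_ENDPOINT, { credentials: "same-origin" });
  if (!res.ok) throw new Error("token request failed: HTTP " + res.status);
  const body = await res.json(); // assumed shape: {"token": "..."}
  if (!body || typeof body.token !== "string" || body.token === "") {
    throw new Error("no CSRF token returned (session not logged in?)");
  }
  return body.token;
}

// POST with the token attached. Assumption: a 403 can mean the cached token
// went stale, so drop it, fetch a new one and retry exactly once.
async function postWithCsrf(fetchImpl, url, params) {
  for (let attempt = 1; ; attempt++) {
    if (cachedToken === null) cachedToken = await fetchCsrfToken(fetchImpl);
    const res = await fetchImpl(url, {
      method: "POST",
      credentials: "same-origin",
      headers: { "CSRF-Token": cachedToken },
      body: new URLSearchParams(params),
    });
    if (res.status !== 403 || attempt === 2) return res;
    cachedToken = null;
  }
}

// Constructed stand-in for the server so the example runs offline: it accepts
// a POST only when the CSRF-Token header equals the most recently issued token.
function makeFakeAuthor() {
  const state = { issued: 0, posts: [] };
  state.fetch = async (url, opts = {}) => {
    if (url === TOKEN_ENDPOINT) {
      state.issued += 1;
      return { ok: true, status: 200, json: async () => ({ token: "tok-" + state.issued }) };
    }
    const sent = (opts.headers || {})["CSRF-Token"];
    const ok = opts.method === "POST" && sent === "tok-" + state.issued;
    state.posts.push({ url, sent, ok });
    return { ok, status: ok ? 200 : 403, json: async () => ({}) };
  };
  return state;
}
```

In a browser, pass `window.fetch.bind(window)` as `fetchImpl`; a second 403 after the retry is returned to the caller and points at something other than a stale token.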