CSRF token is available when logged into the publish environment.
CSRF token is not available when logged out of the AEM publish environment.
CSRF token is not available at any time on the dispatcher environment, whether you are logged into publish or not.
Dispatcher:
Application is accessed using dispatcher url:
POST ajax requests are failing when the token is not available on IE (promise.reject); in Chrome it silently goes into the promise resolve method of csrf.js even though the token is not available.
Am I missing anything here?
Application does not depend on client library granite.jquery or cq.jquery, but it seems AEM 6.3 has this feature enabled by default, and the csrf.js code gets executed for all ajax requests.
I appreciate any help.
Thanks,
Sreeni
Checking with our internal Dispatcher experts here.
They replied:
They have to allow /libs/granite/csrf/token.json via any dispatcher filter rules. Also, csrf/token.json doesn't work for anonymous form POST requests, only for ones where the user is logged in.
Application has a filter to allow /libs/granite/csrf/token.json.
User is always anonymous and unauthenticated when accessing the application through the dispatcher url.
token.json always returns an empty response {} as the user is anonymous.
Promise code inside csrf.js intermittently executes promise.resolve, promise.reject for POST requests; when the code executes the following lines, the application hangs.
    promise.then(function(token) {
        self.setRequestHeader(HEADER_NAME, token);
        send.apply(self, args);
    }, function() {
        if (window.console) {
            console.error('Unable to read CSRF meta information');
        }
        send.apply(self, args);
    });
Thanks,
Sreeni
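
The empty {} response for anonymous users and the resolve/reject paths described in the post above, as an added example that is not part of the original thread and is not Adobe's csrf.js: a wrapper that classifies the token.json response and calls send() exactly once on every path. The function names, the "token" field name and the CSRF-Token header value are assumptions, not taken from the thread.

```javascript
// Added example; not Adobe's csrf.js. Function names are hypothetical.
const HEADER_NAME = 'CSRF-Token'; // assumption: header name the server expects

// Classify a token.json response. Anonymous sessions receive "{}".
// Assumption: a logged-in session receives {"token": "<value>"}.
function parseTokenResponse(status, body) {
  if (status !== 200) return { token: null, reason: 'http-' + status };
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    return { token: null, reason: 'not-json' };
  }
  if (data && typeof data.token === 'string' && data.token.length > 0) {
    return { token: data.token, reason: 'ok' };
  }
  return { token: null, reason: 'no-token' };
}

// Send the request exactly once, whatever happened to the token lookup.
// xhr: an opened XMLHttpRequest (or an object with the same two methods).
// fetchToken: () => Promise<{status, body}> that reads token.json.
function sendWithCsrf(xhr, payload, fetchToken) {
  return fetchToken()
    .then((res) => parseTokenResponse(res.status, res.body),
          () => ({ token: null, reason: 'token-fetch-failed' }))
    .then((parsed) => {
      let reason = parsed.reason;
      if (parsed.token) {
        try {
          xhr.setRequestHeader(HEADER_NAME, parsed.token);
        } catch (e) {
          // A throw while setting the header must not skip send() below.
          reason = 'header-rejected';
        }
      }
      xhr.send(payload);
      return reason; // lets the caller log why no token was attached
    });
}
```

The returned reason string separates "dispatcher blocked token.json" (http-4xx) from "anonymous session" (no-token) when diagnosing failed POSTs.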
ContextHub related calls are giving "invalidstateerror" and then "Unable to read csrf meta information".
If I disable ContextHub, the page works fine.
Thanks,
Sreeni
I recommend checking this with Support as there could be a bug. I am not reading anything in the docs to suggest that this is normal behavior.