January 7, 2016
Solved

csrf url redirection


I am getting 404 Not Found error for libs/granite/csrf/token.json

and following is logged on console: Unable to read CSRF meta information

What I have done is deployed my app to an instance other than the publish instance http://localhost:4503 which is https://something.org

but I get this error on the browser console https://something.org/libs/granite/csrf/token.json 404 not found.

I have read other posts involving csrf/token, but my problem is related to deployed instance.

My form submissions and request sending using jQuery and ajax aren't working as well, I get the same 404 not found error.

Please advise!

Sham_HC
Accepted solution
January 7, 2016

AEM 6.1 introduced CSRF and for any POST request it should have a valid token. Verify your dispatcher.any and, in the filter, allow the same. Details at https://docs.adobe.com/docs/en/dispatcher/security-checklist.html#Configure%20Dispatcher%20to%20prevent%20CSRF%20Attacks

Jitendra_S_Toma
January 8, 2016

Hi Jamesf2016,

As @Sham suggested, just make sure your http/https call is allowed at dispatcher level. As you know, most of the time, all JSON calls are denied at the dispatcher. So, let that filter be as it is and add another filter to allow your call (token.json).

Jitendra
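The filter ordering described in the replies above, as an added example that is not part of the original thread or Adobe's own code: a small checker that evaluates a `/filter` section with last-match-wins semantics and shows a blanket JSON deny blocking `token.json` until a later allow rule is appended. The sample rules and rule numbers are constructed, only flat double-quoted glob rules are handled, and `fnmatch` approximates Dispatcher glob matching.

```python
import fnmatch
import re

# Constructed dispatcher.any /filter section (assumption, not from the thread).
# Only double-quoted glob values and flat, one-level rules are handled.
SAMPLE_FILTER = '''
/filter {
  /0001 { /type "deny"  /url "*" }
  /0010 { /type "allow" /url "/content/*" }
  /0020 { /type "deny"  /url "*.json" }
  /0030 { /type "allow" /method "GET" /url "/libs/granite/csrf/token.json" }
}
'''
TOKEN_URL = "/libs/granite/csrf/token.json"

RULE_RE = re.compile(r'/(\w+)\s*\{([^{}]*)\}')   # /0030 { ... }
PROP_RE = re.compile(r'/(\w+)\s+"([^"]*)"')      # /type "allow"


def parse_rules(text):
    """Return the rules in file order as (name, properties) pairs."""
    rules = []
    for name, body in RULE_RE.findall(text):
        props = dict(PROP_RE.findall(body))
        if "type" in props:
            rules.append((name, props))
    return rules


def decide(rules, method, url):
    """Last matching rule wins; returns (None, None) when nothing matches.

    fnmatch is used as an approximation of Dispatcher glob matching.
    """
    verdict, matched = None, None
    for name, props in rules:
        if not fnmatch.fnmatchcase(method, props.get("method", "*")):
            continue
        if not fnmatch.fnmatchcase(url, props.get("url", "*")):
            continue
        verdict, matched = props["type"], name
    return verdict, matched


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_FILTER)
    print("with /0030:   ", decide(rules, "GET", TOKEN_URL))
    print("without /0030:", decide(rules[:-1], "GET", TOKEN_URL))
    print("other JSON:   ", decide(rules, "GET", "/content/site/data.json"))
```

Adobe's Dispatcher security checklist, linked in the accepted answer, also lists the `CSRF-Token` header under `/clientheaders`, which this checker does not model.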

sreenu539
November 30, 2017

@Jitendra S.Tomar: Could you please tell me about the http/https filter configuration? Any example?

Just to give the background, the application is migrated from AEM 6.1 to AEM 6.3 (Environment: Windows 7 OS, IE11 browser).

On AEM 6.1, application does not have any issues through dispatcher url.

On AEM 6.3, when the application is accessed through the dispatcher url:

AEM 6.3 is not sending some of the ajax POST webservice requests to the backend server. (All webservice requests are channeled through an AEM Servlet.)

In dispatcher.any file, I do have the /libs/ .../csrf/* as allow in the filter section.

If I access the publish url directly, all ajax service calls are going through and I see the pages loading properly.

Do I need to add "CSRF-TOKEN" in clientheaders section of dispatcher.any file?

Do I need to have "CSRF-TOKEN" defined in application as some meta tag?

Could you please shed some light on this behavior?