SOLVED

csrf url redirection

Former Community Member

I am getting 404 Not Found error for libs/granite/csrf/token.json

and following is logged on console: Unable to read CSRF meta information

What I have done is deployed my app to an instance other than the publish instance http://localhost:4503 which is https://something.org

but I get this error on the browser console https://something.org/libs/granite/csrf/token.json 404 not found.

I have read other posts involving csrf/token, but my problem is related to deployed instance.

My form submissions and request sending using jQuery and ajax aren't working as well; I get the same 404 not found error.

Please advise!

1 Accepted Solution

Correct answer by
Level 10

AEM 6.1 introduced CSRF, and any POST request should have a valid token. Verify your dispatcher.any and, in the filter, allow the same. Details at https://docs.adobe.com/docs/en/dispatcher/security-checklist.html#Configure%20Dispatcher%20to%20prev...

3 Replies

Level 9

Hi Jamesf2016,

As @Sham suggested, just make sure your http/https call is allowed at the dispatcher level. As you know, most of the time all JSON calls are denied at the dispatcher. So, let that filter be as it is and add another filter to allow your call (token.json).

Jitendra
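
Added example (not from the thread and not Adobe's code): a simplified Python model of how a Dispatcher `/filter` section is evaluated, showing why a JSON deny rule blocks the token request and why the extra allow rule has to be placed after it. The rule names, the sample rule set and the shell-style glob matching are assumptions; real Dispatcher filters support more properties and pattern syntax than this model handles.

```python
import fnmatch
import re

# Constructed /filter section (not from the thread); rule names and order are assumptions.
FILTERS_BROKEN = '''
/0001 { /type "deny"  /url "*" }
/0010 { /type "allow" /url "/content/*" }
/0020 { /type "deny"  /url "*.json" }
'''

# Same rules, left as they are, plus one allow for the token endpoint after the JSON deny.
FILTERS_FIXED = FILTERS_BROKEN + '''
/0030 { /type "allow" /method "GET" /url "/libs/granite/csrf/token.json" }
'''

TOKEN_PATH = "/libs/granite/csrf/token.json"

RULE = re.compile(r'/(\w+)\s*\{([^}]*)\}')   # /name { ...properties... }
PROP = re.compile(r'/(\w+)\s+"([^"]*)"')     # /property "value"


def parse_filters(text):
    """Return [(rule_name, {property: value})] in file order."""
    return [(name, dict(PROP.findall(body))) for name, body in RULE.findall(text)]


def decide(text, method, path):
    """Simplified model: the last rule that matches the request decides."""
    verdict, winner = "deny", None  # assumption of this model: no match means denied
    for name, props in parse_filters(text):
        if "method" in props and props["method"] != method:
            continue  # rule is restricted to another HTTP method
        if not fnmatch.fnmatchcase(path, props.get("url", "*")):
            continue  # URL pattern does not match this request
        verdict, winner = props["type"], name
    return verdict, winner


if __name__ == "__main__":
    for label, rules in (("before", FILTERS_BROKEN), ("after", FILTERS_FIXED)):
        print(label, decide(rules, "GET", TOKEN_PATH))
    # Other JSON requests stay blocked after the change.
    print("other json", decide(FILTERS_FIXED, "GET", "/content/site/data.json"))
```

Because only the exact token path and the GET method are allowed, the broad JSON deny keeps covering every other `.json` request.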

Level 7

@Jitendra S.Tomar: Could you please tell me about the http/https filter configuration? Any example?

Just to give the background, the application was migrated from AEM 6.1 to AEM 6.3 (Environment: Windows 7 OS, IE11 browser).

On AEM 6.1, the application does not have any issues through the dispatcher URL.

On AEM 6.3, when the application is accessed through the dispatcher URL:

AEM 6.3 is not sending some of the ajax POST web service requests to the backend server (all web service requests are channeled through an AEM servlet).

In the dispatcher.any file, I do have the /libs/ .../csrf/* as allow in the filter section.

If I access the publish URL directly, all ajax service calls are going through and I see the pages loading properly.

Do I need to add "CSRF-TOKEN" in the clientheaders section of the dispatcher.any file?

Do I need to have "CSRF-TOKEN" defined in the application as some meta tag?

Could you please shed some light on this behavior?