Expand my Community achievements bar.

SOLVED

csrf url redirection

Avatar

Former Community Member
1/7/16 1:19:14 AM

I am getting 404 Not Found error for libs/granite/csrf/token.json

and following is logged on console: Unable to read CSRF meta information

What I have done is deployed my app to an instance other than the publish instance http://localhost:4503 which is https://something.org

but I get this error on the browser console https://something.org/libs/granite/csrf/token.json 404 not found.

I have read other posts involving csrf/token, but my problem is related to deployed instance.

My form submissions and request sending using jQuery and ajax  aren't working aswell, I get the same 404 not found error.

Please advice!

Views

2.1K

Replies

3

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
1/7/16 12:20:05 PM

Aem 6.1 introduced crf and for any post request it should have valid token.   Verify your dispatcher.any & in filter allow for the same. Details at https://docs.adobe.com/docs/en/dispatcher/security-checklist.html#Configure%20Dispatcher%20to%20prev...

View solution in original post

Views

906

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Level 10
Level 10
1/7/16 12:20:05 PM

Aem 6.1 introduced crf and for any post request it should have valid token.   Verify your dispatcher.any & in filter allow for the same. Details at https://docs.adobe.com/docs/en/dispatcher/security-checklist.html#Configure%20Dispatcher%20to%20prev...

Views

907

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 9
Level 9
1/7/16 8:13:43 PM

Hi Jamesf2016,

As @Sham suggested, just make sure, your http/https call is allowed at dispatcher level. As you know, most of the time, all JSON calls are denied at the dispatcher. So, let that filter be as it is and adds another filter to allow your call (token.json)

Jitendra

Views

875

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 7
Level 7
11/30/17 7:27:23 AM

@Jitendra S.Tomar : Could yo please tell me about http/https filter ocnfiguration? any example ?

Just to give the background, application is migrated from AEM 6.1 to AEM 6.3 ( Environment : Windows 7 OS, IE11 browser).

On AEM 6.1, application does not have any issues through dispatcher url.

On AEM 6.3, when application accessed through dispatcher url:

AEM 6.3 not sending some of the ajax POST webservice requests to the backend server. ( all webservice requests are channeled through an AEM Servlet)

In dispatcher.any file, I do have the /libs/ .../csrf/* as allow in the filter section.

if I access, publish url directly, all ajax service calls are going through and I see the pages loading properly.

Do I need to add "CSRF-TOKEN" in clientheaders section of dispatcher.any file?

Do I need to have "CSRF-TOKEN" defined in application as some meta tag?

Could you please shed some light on this behavior ?

Views

947

Replies

0
Sign in to like this content

Total Likes

Translate
Translate