Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Empty CSRF token in Publish

Avatar

Level 3

I read in some post. if you are accessing the web pages as anonymous user, CSRF token will be empty string. Is this means in publish environment CSRF token will be empty? 

1 Accepted Solution

Avatar

Correct answer by
Level 9

Hi Chandran,

   CSRF token filter will trigger only for authenticated requests and for anonymous it will never be called.  Hence empty string for anonymous is not a valid case.    

Thanks,

View solution in original post

3 Replies

Avatar

Correct answer by
Level 9

Hi Chandran,

   CSRF token filter will trigger only for authenticated requests and for anonymous it will never be called.  Hence empty string for anonymous is not a valid case.    

Thanks,

Avatar

Level 3

MC Stuff wrote...

Hi Chandran,

   CSRF token filter will trigger only for authenticated requests and for anonymous it will never be called.  Hence empty string for anonymous is not a valid case.    

Thanks,

 

Thanks MC,this means in publish environment if end users accessing the page CSRF token will be empty? 


Is there any way can have some authenticated pages in publish environment, it should create some default session but it should be accessed by end user (anonymous user).

Avatar

Level 9

Hi Chandran,

   For anonymous csrf will not be called that means does not exist only so no question of empty.  

Ofcourse there are some scenarios like mentioned below can cause such issue.   If you can investigate har with persistance log enabled can help to find the cause.  https://confluence.atlassian.com/kb/generating-har-files-and-analysing-web-requests-720420612.html

  • mis configration of PSC implementation OR
  • load balancer truncating headers as empty instead of anonymous OR
  • usage of non standard browser OR
  • Traffic is allowed to publisher even before server is complete up etc...

Thanks,