Adobe Experience Manager Sites & More

leeasling · 5/19/16

I'm having an issue with my publish instances returning an empty CSRF token for an anonymous user. If i log in as any other user, the CSRF token is good to go. I've checked the permissions on both publish instances and read permissions are in place for /libs/granite/csrf/token for both anonymous/everyone.

Any ideas?

smacdonald2008 · 5/19/16

I am checking with internal Adobe ppl to see if this is a known issue.

leeasling · 5/19/16

Thanks Scott. It's 6.1 with SP1 installed.

smacdonald2008 · 5/19/16

Support responded:

CSRF token is not supported for anonymous users on the publish instance

leeasling · 5/19/16

So, if i have a form that i'm trying to submit and it's getting a 403 because it's being submitted by an anonymous user because the CSRF token is invalid - that's expected? I can't believe that's the case.

smacdonald2008 · 5/19/16

I am following up here.

Opkar_Gill · 5/20/16

Hi,

I think what is meant here is that the CSRF check should only happen for authenticated users. For anonymous users, the check shouldn't be applied. Can you confirm you are getting the CSRF error in your logs on the publish instance for an anonymous user?

Regards,

Opkar

leeasling · 5/20/16

i can confirm that is what is happening

Adobe Experience Manager Sites & More

Empty CSRF Token

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe