Empty CSRF Token

Level 8

I'm having an issue with my publish instances returning an empty CSRF token for an anonymous user. If I log in as any other user, the CSRF token is good to go. I've checked the permissions on both publish instances and read permissions are in place for /libs/granite/csrf/token for both anonymous/everyone.

Any ideas?

7 Replies

Level 10

I am checking with internal Adobe people to see if this is a known issue.

Level 10

Support responded:

CSRF token is not supported for anonymous users on the publish instance

Level 8

So, if I have a form that I'm trying to submit and it's getting a 403 because it's being submitted by an anonymous user because the CSRF token is invalid - that's expected? I can't believe that's the case.

Employee

Hi,

I think what is meant here is that the CSRF check should only happen for authenticated users. For anonymous users, the check shouldn't be applied. Can you confirm you are getting the CSRF error in your logs on the publish instance for an anonymous user?

Regards,

Opkar