Adobe Experience Manager Sites & More

SiddhiDa1 · 3/25/25

Hi,

I need help with an issue involving an empty and invalid CSRF token when submitting the form. I've already included CSRF token in the client header.

Here are the error logs:

*INFO* [[0:0:0:0:0:0:0:1] [1742872764470] POST /bin/ HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
*INFO* [[0:0:0:0:0:0:0:1] [1742872764470] POST /bin/ HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

could you kindly assist me in finding a solution to fix this error?

Thank you.

giuseppebag · 3/25/25

The error occurs because the CSRF token is either missing, expired, or invalid. Manually fetch the token from /libs/granite/csrf/token.json and include it in headers, ensure forms use the correct hidden input, and validate client/server configurations.

For example:

// Fetch CSRF token for AJAX requests
$.getJSON("/libs/granite/csrf/token.json", function(data) {
    $.ajax({
        url: "/bin/your-servlet",
        type: "POST",
        headers: { "CSRF-Token": data.token },
        // ... other settings
    });
});

Some helpful links:

https://www.albinsblog.com/2023/03/what-is-csrf-how-is-csrf-protection-enabled-in-aem.html

https://stackoverflow.com/a/34130703

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-inva...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting...