Hi Team,
Need some urgent help on the following issue for my project. We are on AEM 6.5.3.
PROBLEM DESCRIPTION
On our production sites, when some of the users submit forms, they see a broken page instead of a proper thank-you page. This is an intermittent issue but has an impact on a large number of users.
LOGS
When checking error logs, we found the below logs. There is no further entry in the error logs on publishers regarding form failure.
02.02.2021 12:21:42.056 *INFO* [10.43.32.27 [1612268502054] POST /content/project_name/language-masters/en/forms/content-preference-center/_jcr_content/root/responsivegrid/maincontentcontainer/100contentcontain/center/form.post.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
02.02.2021 12:21:42.056 *INFO* [10.43.32.27 [1612268502054] POST /content/project_name/language-masters/en/forms/content-preference-center/_jcr_content/root/responsivegrid/maincontentcontainer/100contentcontain/center/form.post.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
It seems CSRF token is not getting associated with form requests or tokens are getting expired while submitting the form. In our OSGI configuration, we have POST, PUT and DELETE requests added for CSRF filters.
CHECKED THE FOLLOWING
1. The Adobe Granite CSRF Framework config is in an Active state
2. CSRF Servlet Config settings are as below:
3. The CSRF Component state is ACTIVE
4. Adobe Granite CSRF Filter config settings are as below
Let me know what could be a probable reason for this error.
Thanks,
Samiksha
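To size the impact and separate the two causes suspected in the question (no token attached versus a token that was sent but rejected), here is an added example, not part of the original thread, that counts CSRFFilter rejections per request from error.log lines in the format quoted above. The sample lines are constructed, and treating an "invalid" line with no "empty CSRF token" line for the same request ID as "a token was sent" is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the error.log format quoted in the question
# (paths shortened; second client IP and request IDs are made up).
SAMPLE_LOG = """\
02.02.2021 12:21:42.056 *INFO* [10.43.32.27 [1612268502054] POST /content/site/en/forms/a/_jcr_content/form.post.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
02.02.2021 12:21:42.056 *INFO* [10.43.32.27 [1612268502054] POST /content/site/en/forms/a/_jcr_content/form.post.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
02.02.2021 12:25:10.101 *INFO* [10.43.32.31 [1612268710100] POST /content/site/en/forms/b/_jcr_content/form.post.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
02.02.2021 12:25:11.500 *INFO* [10.43.32.31 [1612268711499] GET /content/site/en.html HTTP/1.1] com.example.Other unrelated message
"""

# timestamp *LEVEL* [client-ip [request-id] METHOD path HTTP/x] logger message
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \*(?P<level>\w+)\* "
    r"\[(?P<ip>\S+) \[(?P<req>\d+)\] (?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+\] "
    r"com\.adobe\.granite\.csrf\.impl\.CSRFFilter (?P<msg>.*)$"
)

def csrf_rejections(log_text):
    """Return one record per rejected request, keyed by request ID.

    A single rejected POST can log two CSRFFilter lines, so lines are
    grouped by request ID instead of being counted individually.
    """
    requests = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a CSRFFilter entry
        rec = requests.setdefault(m["req"], {
            "ts": m["ts"], "ip": m["ip"], "method": m["method"],
            "path": m["path"], "reason": "invalid token",  # assumed default
        })
        if "empty CSRF token" in m["msg"]:
            rec["reason"] = "empty token"  # request carried no token at all
    return requests

def summarize(requests):
    """Count rejected requests per (path, reason)."""
    return Counter((r["path"], r["reason"]) for r in requests.values())

if __name__ == "__main__":
    for (path, reason), n in summarize(csrf_rejections(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  {reason:13s}  {path}")
```
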
Are you able to replicate this issue in the Stage (lower) environment?
1) Is this working with direct publish URLs?
2) Validate with ELB url?
3) Is this issue with all domains or few domains?
4) Check the dispatcher configurations
5) Validate by flushing Dispatcher / CDN cache
If all of the above looks good, work with AMS to validate the CDN.
Then check the CDN for any URLs to whitelist:
/libs/granite/csrf path to whitelist on CDN
Hi Suresh,
Answering the questions below:
1) Is this working with direct publish URLs? - Yes
2) Validate with ELB url?
3) Is this issue with all domains or few domains? - With all domains
4) Check the dispatcher configurations - Verified the below dispatcher configs
/4321
{
    /glob "/libs/granite/csrf/token.json"
    /type "deny"
}
5) Validate by flushing Dispatcher / CDN cache - DONE
NOTE: It was noticed that this only occurs when an authenticated user session (logged in through a different page) exists in the browser. The form submission is currently unauthenticated; however, if the user is logged in through the support portal of the website, the form submission fails. Since we are not saving this token into our headers, if we move to any form and submit it, the form will get submitted with an empty token, but the server treats the user as an authenticated user. Hence the mismatch in CSRF tokens.
Thanks,
Samiksha