Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Getting 404 for csrf token

Avatar

Level 2

Hi Team,

 

In dispatcher we are getting 404 for the csrf token. We are facing this issue only in the dispatcher level.

We have added below dispatcher configurations:

1) In clientheaders - "CSRF-Token" is added

2) In filters we have allowed the csrf token

/044 {
/selectors ''
/extension 'json'
/type "allow"
/method "GET"
/path '/libs/granite/csrf/token'
/suffix ''
}

3) We have added the below clientlib category - 

granite.csrf.standalone

 

Vanitha_Duraisamy_0-1683287055533.png

 

Please let me know if you've any possible solutions.

 

@Vijayalakshmi_S  @arunpatidar @Suraj_Kamdi 

1 Accepted Solution

Avatar

Correct answer by
Level 2

Thanks for all the responses.

The issue got resolved after removing the below clientlibrary category from our code.

<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientlib.all @ categories='granite.csrf.standalone'}"/>

View solution in original post

6 Replies

Avatar

Community Advisor

Hello @Vanitha_Duraisamy 

I have faced a similar type issue with the author

Then I had to fetch the CSRF token first then did the actual Ajax call.

let xhttp = new XMLHttpRequest();
            xhttp.open('GET', "/libs/granite/csrf/token.json", true);

            xhttp.onload = function() {
                if (xhttp.status === 200) {
                    let response = JSON.parse(xhttp.responseText);
                    let csrfToken = response.token;

                    let xhr = new XMLHttpRequest();
                    xhr.open("POST", url, true);
                    xhr.setRequestHeader('CSRF-Token', csrfToken);

                    xhr.onreadystatechange = function() {
                        if (this.readyState === XMLHttpRequest.DONE && this.status === 200) {
                        //     do rest of the things
                        }
                    };
                    xhr.send(JSON.stringify(data));
                }
            };

            xhttp.send();
        });

I am not sure but maybe you will get an idea from it.

Thanks @AsifChowdhury 

Our Ajax calls are working, we are getting this 404 error for csrf token in the page load for all the pages.

Also we are getting this error only in the dispatcher.

Avatar

Community Advisor

Add below caching rule to disallow caching for token path

{ /glob "/libs/granite/csrf/token.json" /type "deny" }

 

Avatar

Correct answer by
Level 2

Thanks for all the responses.

The issue got resolved after removing the below clientlibrary category from our code.

<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientlib.all @ categories='granite.csrf.standalone'}"/>