Hi Team,
In dispatcher we are getting 404 for the csrf token. We are facing this issue only in the dispatcher level.
We have added below dispatcher configurations:
1) In clientheaders - "CSRF-Token" is added
2) In filters we have allowed the csrf token
/044 {
/selectors ''
/extension 'json'
/type "allow"
/method "GET"
/path '/libs/granite/csrf/token'
/suffix ''
}
3) We have added the below clientlib category -
Please let me know if you've any possible solutions.
@Vijayalakshmi_S @arunpatidar @Suraj_Kamdi
Solved! Go to Solution.
Views
Replies
Total Likes
Thanks for all the responses.
The issue got resolved after removing the below clientlibrary category from our code.
<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientlib.all @ categories='granite.csrf.standalone'}"/>
Hello @Vanitha_Duraisamy
I have faced a similar type issue with the author
Then I had to fetch the CSRF token first then did the actual Ajax call.
let xhttp = new XMLHttpRequest();
xhttp.open('GET', "/libs/granite/csrf/token.json", true);
xhttp.onload = function() {
if (xhttp.status === 200) {
let response = JSON.parse(xhttp.responseText);
let csrfToken = response.token;
let xhr = new XMLHttpRequest();
xhr.open("POST", url, true);
xhr.setRequestHeader('CSRF-Token', csrfToken);
xhr.onreadystatechange = function() {
if (this.readyState === XMLHttpRequest.DONE && this.status === 200) {
// do rest of the things
}
};
xhr.send(JSON.stringify(data));
}
};
xhttp.send();
});
I am not sure but maybe you will get an idea from it.
Thanks @AsifChowdhury
Our Ajax calls are working, we are getting this 404 error for csrf token in the page load for all the pages.
Also we are getting this error only in the dispatcher.
Check Apache Sling Referrer Filter configuration
Ref: https://sourcedcode.com/blog/aem/in-aem-what-is-the-apache-sling-referrer-filter-osgi-configuration
Add below caching rule to disallow caching for token path
{ /glob "/libs/granite/csrf/token.json" /type "deny" }
Thanks for all the responses.
The issue got resolved after removing the below clientlibrary category from our code.
<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientlib.all @ categories='granite.csrf.standalone'}"/>
Views
Likes
Replies
Views
Likes
Replies