Getting CSRF token as invalid on POST servlet call.

mohamed_harish

23-04-2018

Hi All,

Facing CSRF token issue on accessing a Servlet from Dispatcher URL.

Version: AEM 6.3

The Servlet is working as expected in Publish Instance.

On accessing the same through Dispatcher, getting the below errors on Publish error logs:

18.04.2018 04:02:44.014 *INFO* [10.226.233.136 [1524038564013] POST /bin/project-name/favoriteservlet HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting

18.04.2018 04:02:44.014 *INFO* [10.226.233.136 [1524038564013] POST /bin/project-name/favoriteservlet HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

18.04.2018 04:02:44.015 *WARN* [10.226.233.136 [1524038564013] POST /bin/project-name/favoriteservlet HTTP/1.1] com.day.cq.wcm.core.impl.components.ComponentCacheImpl Requested Path /bin/project-name/favoriteservlet.servlet is not in available search paths

Please note that below clientlibs are available in the page:

granite.csrf.standalone

cq.jquery

Could anyone please help me out?
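
A way to triage the CSRFFilter messages quoted above, as an added example that is not part of the original post or of AEM: it groups publish error.log lines by request id and separates requests the filter rejected with an empty token from those that carry only the generic "invalid" message. The fourth sample line (client 10.0.0.5, path /bin/example/other) is constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# The first three lines are the log lines quoted in the post; the fourth is
# constructed (different request id and path) to show a non-empty rejection.
SAMPLE_LOG = """\
18.04.2018 04:02:44.014 *INFO* [10.226.233.136 [1524038564013] POST /bin/project-name/favoriteservlet HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
18.04.2018 04:02:44.014 *INFO* [10.226.233.136 [1524038564013] POST /bin/project-name/favoriteservlet HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
18.04.2018 04:02:44.015 *WARN* [10.226.233.136 [1524038564013] POST /bin/project-name/favoriteservlet HTTP/1.1] com.day.cq.wcm.core.impl.components.ComponentCacheImpl Requested Path /bin/project-name/favoriteservlet.servlet is not in available search paths
18.04.2018 04:05:10.120 *INFO* [10.0.0.5 [1524038710119] POST /bin/example/other HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
"""

CSRF_LOGGER = "com.adobe.granite.csrf.impl.CSRFFilter"
# Layout as seen in the post: date time *LEVEL* [client [request-id] METHOD path HTTP/x] logger message
LINE = re.compile(
    r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3} \*(?P<level>\w+)\* "
    r"\[(?P<client>\S+) \[(?P<req>\d+)\] (?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+\] "
    r"(?P<logger>\S+) (?P<msg>.*)$")

def csrf_rejections(log_text):
    """Return {request_id: {client, method, path, reason}} for CSRFFilter rejections."""
    found = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["logger"] != CSRF_LOGGER:
            continue  # other loggers and unparseable continuation lines are skipped
        entry = found.setdefault(m["req"], {"client": m["client"],
            "method": m["method"], "path": m["path"], "reason": None})
        if "empty CSRF token" in m["msg"]:
            entry["reason"] = "empty"    # the filter saw an empty token on this request
        elif "CSRF token is invalid" in m["msg"] and entry["reason"] is None:
            entry["reason"] = "invalid"  # generic rejection, no "empty" line for this id
    return {rid: e for rid, e in found.items() if e["reason"]}

def summarize(rejections):
    """Count rejected requests per (path, reason)."""
    return Counter((e["path"], e["reason"]) for e in rejections.values())

if __name__ == "__main__":
    for (path, reason), n in sorted(summarize(csrf_rejections(SAMPLE_LOG)).items()):
        print(f"{n:3d}  {reason:7s}  {path}")
```

Both CSRFFilter lines in the post share request id 1524038564013, so they count as one rejection whose reason is the empty token.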

VijayShankarV

26-04-2018

Thanks for the response, Peter.

I have verified the Dispatcher settings.

Below are the statements for reference:

Under >>filter

/0032 { /type "allow" /glob "* /libs/granite/csrf/token.json *"   }

Under >>Cache >>rules

/0999 { /glob "/libs/granite/csrf/token.json" /type "deny" }

However, the servlet works when excluding the servlet path from CSRF Filter.

Under System Config >> Adobe Granite CSRF Filter >> Added the servlets to the Excluded Paths ("filter.excluded.paths").

Looking for a permanent solution in this regard.