Hi @CilonX,
Your POST request is being filtered and restricted by the “Apache Sling Referrer Filter” and “Adobe Granite CSRF Filter”. By default, the Apache Sling Referrer Filter blocks any incoming POST requests, and the Adobe Granite CSRF Filter blocks any incoming POST requests without the CSRF-Token token in the header.
You can solve this by following below steps
- Allow incoming POST request in the Apache Sling Referrer Filter OSGI configurations, and
- Remove the requirement of the CSRF-Token in the Adobe Granite CSRF Filter OSGI configurations.
Steps:
Configure Apache Sling Referrer Filter:
- Enable allow empty
- Remove the POST method from filters
In OSGI configurations (http://localhost:4502/system/console/configMgr), locate “Apache Sling Referrer Filter”. Enable the allow empty property, and remove the post method from filters property.

Configure Adobe Granite CSRF Filter
- Remove the POST method from filters
In OSGI configurations (http://localhost:4502/system/console/configMgr), locate “Adobe Granite CSRF Filter”. Remove the post method from filters property.

Note: After making configurations to the two OSGI configurations, you should be able to make a POST request from your HTTP REST Client to your AEM instance.
For production, set Apache Sling Referrer Filter and Adobe Granite CSRF Filter settings back to default. Unless if you are giving access to other servers to make POST requests to your AEM application.
Hope that helps you!
Regards,
Santosh
Santosh Sai

