How to Disable CSRF token.json in AEM 6.5

Sudeshna1992
Level 1

19-10-2020

I need to disable the CSRF token.json call on every page load. In the developer console's Network tab, token.json is getting generated, which needs to be stopped. Please find the screenshot below:

[Screenshot: Sudeshna1992_0-1603092074625.png]

I have tried making changes in dispatcher.any by changing "allow" to "deny"

/0013 { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' }

 

And also, I have tried the config change by adding the /content path in the exclude filter at http://localhost:4504/system/console/configMgr/com.adobe.granite.csrf.impl.CSRFFilter

Reference URL: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-csrf-on-aem-6-3/td...


Still, I am unable to stop the token.json call. Could anyone please help me on how to disable the same?

Thanks in advance!
@Arun_Patidar @kautuk_sahni @Theo_Pendle @Vijayalakshmi_S @vanegi @BrianKasingli 

AEM 6.5 Configuration CSRF Token Dispatcher dispatcher.any osgi Touch UI

Accepted Solutions (1)

vanegi
Employee

19-10-2020

Hi @Sudeshna1992,

Please check this post https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-csrf-on-aem-6-3/td...

 

It is not recommended to remove the token.json call, as this token.json call is used to prevent CSRF attacks and removing it would lead to a major security risk. Please refer to the documentation at [1].

If you still want to remove the call, you need to remove all dependencies to "granite.jquery" in the code.

 

[1] https://helpx.adobe.com/ca/experience-manager/6-3/sites/developing/using/csrf-protection.html

[2] https://helpx.adobe.com/experience-manager/6-5/forms/using/admin-help/preventing-csrf-attacks.html

[3] https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/configuring/configuring-d...

 

Thanks!!
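Added example (not part of either post, and not Adobe's code): a simplified Python model of how a Dispatcher filter list resolves a request, run against the rule quoted in the question plus a constructed deny-all baseline rule. It assumes the last matching rule wins, double-quoted values are globs and single-quoted values are regular expressions; `parse_filter` and `decide` are hypothetical helper names.

```python
import fnmatch
import re

# Constructed sample: a deny-all baseline followed by the rule quoted in the question.
SAMPLE_FILTER = """
/0001 { /type "deny" /url "*" }
/0013 { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' }
"""

RULE_RE = re.compile(r"/(\w+)\s*\{([^}]*)\}")
PROP_RE = re.compile(r"""/(\w+)\s+("[^"]*"|'[^']*')""")


def parse_filter(text):
    """Return [(rule_name, {property: (quote_char, pattern)})] in file order."""
    rules = []
    for name, body in RULE_RE.findall(text):
        props = {key: (val[0], val[1:-1]) for key, val in PROP_RE.findall(body)}
        rules.append((name, props))
    return rules


def _matches(spec, value):
    quote, pattern = spec
    if quote == "'":  # single quotes: regular expression (assumed full match)
        return re.fullmatch(pattern, value) is not None
    return fnmatch.fnmatchcase(value, pattern)  # double quotes: glob


def decide(rules, method, path):
    """Return (decision, rule_name) of the last rule matching the request."""
    last_segment = path.rsplit("/", 1)[-1]
    extension = last_segment.rsplit(".", 1)[1] if "." in last_segment else ""
    request = {"method": method, "url": path, "extension": extension}
    verdict = (None, None)  # no rule matched; this model leaves the default open
    for name, props in rules:
        checks = {k: v for k, v in props.items() if k != "type"}
        if all(k in request and _matches(v, request[k]) for k, v in checks.items()):
            verdict = (props["type"][1], name)  # later matches override earlier ones
    return verdict
```

Changing rule /0013 from "allow" to "deny" flips the verdict for `GET /libs/granite/csrf/token.json`, but the filter only decides what the Dispatcher returns; the request shown in the Network tab is still issued by the client-side code, which is what the question reports.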

Answers (0)