Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

How to Disable CSRF token.json in AEM 6.5

Avatar

Level 1

I need to disable the CSRF token.json call in every page load. In developer console, network tab token.json is getting generated which needs to be stopped. Please find the below screenshot for the same:

Sudeshna1992_0-1603092074625.png

I have tried making changes in dispatcher.any by changing "allow" to "deny"

/0013 { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' }

 

And also, I have tried the config change by adding /content path in exclude filter at http://localhost:4504/system/console/configMgr/com.adobe.granite.csrf.impl.CSRFFilter 

 

Referrence URL: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-csrf-on-aem-6-3/td...


Still I am unable to stop the token.json call, Could anyone please help me on how to disable the same.

Thanks in advance!
@arunpatidar @kautuk_sahni @Theo_Pendle @Vijayalakshmi_S @vanegi @BrianKasingli 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi @Sudeshna1992,

Please check this post https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-csrf-on-aem-6-3/td...

 

It is not a recommendation to remove the token.json call as this token.json call is used to prevent CSRF attacks and removing this would lead to a major security risk. Please refer to the documentation at [1].

 

If you still want to remove the call, you need to remove all dependencies to "granite.jquery" in the code.

 

[1] https://helpx.adobe.com/ca/experience-manager/6-3/sites/developing/using/csrf-protection.html

[2] https://helpx.adobe.com/experience-manager/6-5/forms/using/admin-help/preventing-csrf-attacks.html

[3] https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/configuring/configuring-d...

 

Thanks!!

View solution in original post

1 Reply

Avatar

Correct answer by
Employee

Hi @Sudeshna1992,

Please check this post https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-csrf-on-aem-6-3/td...

 

It is not a recommendation to remove the token.json call as this token.json call is used to prevent CSRF attacks and removing this would lead to a major security risk. Please refer to the documentation at [1].

 

If you still want to remove the call, you need to remove all dependencies to "granite.jquery" in the code.

 

[1] https://helpx.adobe.com/ca/experience-manager/6-3/sites/developing/using/csrf-protection.html

[2] https://helpx.adobe.com/experience-manager/6-5/forms/using/admin-help/preventing-csrf-attacks.html

[3] https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/configuring/configuring-d...

 

Thanks!!