Expand my Community achievements bar.

SOLVED

Intended use case for granite.jquery's csrf.js

Avatar

Level 4
Level 4
10/27/15 2:20:55 PM

We’re running into some Javascript errors in Internet Explorer that we’ve tracked down to /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js

Specifically, the line handleForm(result.contentWindow.document)is a problem when an iframe contains content from a different domain.

I suspect I can set up an overlay to work around this, but wanted to get some input as far as what the intended use case for this behavior is, or if there are specific components in AEM that are relying on it, so we can be prepared for any future problems that may arise.

Thanks

Views

960

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/27/15 4:14:32 PM

Hi,

some details here [1][2], as Scott mentioned it is part of the security framework in AEM and as such should not be modified. If you have specific issues, I'd suggest raising a support ticket.

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/develop/security.html

[2] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

View solution in original post

Views

640

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 10
Level 10
10/27/15 2:43:42 PM

FRom reading the code - looks like this is helping against:

https://en.wikipedia.org/wiki/Cross-site_request_forgery

Also- i sent this question other Adobe ppl so they can help with this question. 

Views

639

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee
Employee
10/27/15 4:14:32 PM

Hi,

some details here [1][2], as Scott mentioned it is part of the security framework in AEM and as such should not be modified. If you have specific issues, I'd suggest raising a support ticket.

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/develop/security.html

[2] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

Views

641

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
12/7/15 2:29:03 AM

Hi,

We are using google Recaptcha  as a component on our forms.It is not able to get the options which we have to select to solve the recaptcha, it is continuously loading. We are facing this problem in IE11,after debugging came to know that it is failing handleForm(result.contentWindow.document);(/etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js)  in this location.Please suggest me how we can resolve this issue.

Thanking you.

Capture.PNG
21 KB

Views

798

Replies

0
Sign in to like this content

Total Likes

Translate
Translate