Expand my Community achievements bar.

SOLVED

Intended use case for granite.jquery's csrf.js

Avatar

Level 4
Level 4
10/27/15 2:20:55 PM

We’re running into some Javascript errors in Internet Explorer that we’ve tracked down to /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js

Specifically, the line handleForm(result.contentWindow.document)is a problem when an iframe contains content from a different domain.

I suspect I can set up an overlay to work around this, but wanted to get some input as far as what the intended use case for this behavior is, or if there are specific components in AEM that are relying on it, so we can be prepared for any future problems that may arise.

Thanks

Views

1.1K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/27/15 4:14:32 PM

Hi,

some details here [1][2], as Scott mentioned it is part of the security framework in AEM and as such should not be modified. If you have specific issues, I'd suggest raising a support ticket.

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/develop/security.html

[2] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

View solution in original post

Views

788

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 10
Level 10
10/27/15 2:43:42 PM

FRom reading the code - looks like this is helping against:

https://en.wikipedia.org/wiki/Cross-site_request_forgery

Also- i sent this question other Adobe ppl so they can help with this question. 

Views

787

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee
Employee
10/27/15 4:14:32 PM

Hi,

some details here [1][2], as Scott mentioned it is part of the security framework in AEM and as such should not be modified. If you have specific issues, I'd suggest raising a support ticket.

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/develop/security.html

[2] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

Views

789

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
12/7/15 2:29:03 AM

Hi,

We are using google Recaptcha  as a component on our forms.It is not able to get the options which we have to select to solve the recaptcha, it is continuously loading. We are facing this problem in IE11,after debugging came to know that it is failing handleForm(result.contentWindow.document);(/etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js)  in this location.Please suggest me how we can resolve this issue.

Thanking you.

Capture.PNG
21 KB

Views

946

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Universal Editor - Use case Query Solved

Views

84

Likes

0

Replies

1
How to Render the different version of Header for Specific Pages Using Experience Fragments in AEM?

Views

123

Likes

0

Replies

3
Way to remove the timestamp from the metadata field for expiry date

Views

130

Likes

0

Replies

4
How to migrate JTW to OAuth2 and use it in the Jenkins pipeline?

Views

124

Likes

0

Replies

3
Permissions for usersgroups for pages

Views

80

Likes

0

Replies

1