In 6.4 when I hit /libs/granite/csrf/token.json it gives me a empty json with json response.
however in 6.2, /libs/granite/csrf/token.json it redirects to login page (which we used in our code to add basic authentication and token headers to login to AEM through ajax call)
also, in crx/de token path looks grayed out
any thoughts ?
rajeshs28932860 AFAIK, this change in behavior is due to the granite:FinalArea mixin added to the node in AEM 6.4. This property is being brought starting 6.4 which marks the area for the internal code to prevent customizations.
By default, only authenticated users can access the token. Hence, login as admin/other user and then you should be able to see the token.
The source code should include a dependency on granite.jquery to get the token.
Hi Gaurav, end users will not be authenticated in AEM web console while accessing site pages on AEM. As an end user i'm seeing blank csrf token retrieved from token.json call.
While in my local, when i'm authenticated in AEM web console as an admin user, i can see CSRF token json string returned in token.json call.
How to fix this issue when an end user is not authenticated in AEM?