Expand my Community achievements bar.

SOLVED

Not Able to call Post Servlet in html form action tag

Avatar

Level 2

Hi,
I have created a custom search component and in that I had written a html file and for backend side I created a resource type servlet and services. The servlet is working fine, it is giving me the correct response while tested with postman. But when i used that servlet api in my custom component html page of form tag with action= servlet url and method=POST. Then I am getting an error 403 Forbidden with statement "Cannot serve request to /content/aem-site/us/en/component-basics/_jcr_content.geeks.xml in BundledScriptServlet (/libs/sling/servlet/errorhandler/default.jsp)".
Why this error is coming that I don't know. Then I figure out the Servlet Resolver where my servlet is working fine but not in html. Then I removed POST from the CSRF Filter then my servlet is working in the html. But why I have to remove the POST api method from the CSRF Filter, this is not proper solution. So can you please help me to find the solution for this.
I have attached videos for your reference and also for servlet backend code.

Component:
https://www.youtube.com/watch?v=m5z-htzR7ts&ab_channel=My%3FListeries 

Servlet : 

https://www.youtube.com/watch?v=OnqOffsIomM&ab_channel=My%3FListeries 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @brijesh-2203 

One of the ways will be to add the path to the excluded paths so filter will ignore validating this request and shouldn't return forbidden.

 

Another possibility is due to CSRF Token validation by AEM. If you find the specific error in logs please try to add the default granite.jquery in your custom component and try adding csrf.standalone dependency

 

https://experienceleague.adobe.com/docs/experience-manager-65/developing/introduction/csrf-protectio...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/post-servlet-giving-403-fo...

 

 

View solution in original post

5 Replies

Avatar

Community Advisor

@brijesh-2203 

I would suggest to go for sling.servlet.paths instead of sling.servlet.resourceTypes specially when you doing a POST. 

Reference: https://medium.com/@toimrank/aem-post-servlet-e0b07ecc63ac

 

Avatar

Level 2

@A_H_M_Imrul 
I also tried with sling.servlet.paths but facing the same issue same as sling.servlet.resourceTypes.

Avatar

Correct answer by
Community Advisor

Hi @brijesh-2203 

One of the ways will be to add the path to the excluded paths so filter will ignore validating this request and shouldn't return forbidden.

 

Another possibility is due to CSRF Token validation by AEM. If you find the specific error in logs please try to add the default granite.jquery in your custom component and try adding csrf.standalone dependency

 

https://experienceleague.adobe.com/docs/experience-manager-65/developing/introduction/csrf-protectio...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/post-servlet-giving-403-fo...

 

 

Avatar

Level 2

Hi @sherinregi ,
I already added for my resourceType servlet in excluded paths but it is not working. But now I converted to the path Type servlet then excluded the serlvet path then it is working fine.

 

Thank you @sherinregi 


But can you please let me know why it is not worked with resourceType servlet but worked worked with path type servlet.

Avatar

Level 2

Hi @sherinregi

By adding dependency of csrf.standalone and granite.jquery, It is working for both resourceType and path Servlet.
For resourceType - granite.jquery only this

For pathType  -  granite.jquery or csrf.standalone


Thank you