Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.

Post servlet giving 403 forbidden error during post ajax call


Level 4

Hi Team,

Hope you are doing great.


Can you please me to resolve 403 error during post servlet call 


Cannot serve request to /bin/servlets/job-apply on this server

Apache Sling

import Vue from 'vue';
import Axios from "axios";


var app = new Vue({
el: '#job-listing',
jobList: [],

const now = new Date();
var origin = location.origin;
var URL = origin+"/bin/servlets/job-apply";
const config = {
headers: {
"Content-Type": "application/json; charset=utf-8"
Axios.post(URL, config)
.then(response =>{
this.jobList = response.data;
console.log(this.jobList,'bhagchand saini')

package com.ranosys.website.core.servlets;

import java.io.IOException;

import javax.servlet.Servlet;
import javax.servlet.ServletException;

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.HttpConstants;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.framework.Constants;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.ranosys.website.core.services.SalesforceHttpService;


* This method makes an HTTP call send data to salesforce
@component(service = Servlet.class, property = { Constants.SERVICE_DESCRIPTION + "=HTTP servlet",
"sling.servlet.methods=" + HttpConstants.METHOD_POST, "sling.servlet.paths=" + "/bin/servlets/job-apply" })
public class SalesforceJobApply extends SlingAllMethodsServlet {

* Generated serialVersionUid
private static final long serialVersionUID = -2014397651676211439L;

* Logger
private static final Logger log = LoggerFactory.getLogger(SalesforceJobApply.class);

private SalesforceHttpService httpService;

* Overridden doPost() method
protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException{
try {

} catch (Exception e) {

log.error(e.getMessage(), e);



Can you please anyone help on this


1 Accepted Solution


Correct answer by
Employee Advisor
14 Replies


Employee Advisor

Could you please try the below one -


To make this form submission process operational on AEM instance I have added servlet path via




Please use your servlet path: /bin/servlets/job-apply in above configuration and let me know.


Level 4

Not able to see this configuration on my local 

can you please help Screenshot from 2022-04-26 18-45-59.png


Employee Advisor

Please access localhost:4502/system/console/configMgr and the search Adobe Granite CSRF filter.


Employee Advisor

From the screenshot it looks like '/' is missing. Value should be /bin/servlets/job-apply


Level 4

Screenshot from 2022-04-27 08-31-03.png

still same, I am using AEM as CS

Can you please help me on this.


Correct answer by
Employee Advisor


Employee Advisor

Hi @bhagchand ,

I think @DEBAL_DAS has noted it right, the "/" is missing in the literal starting, please append the same and try.

Please paste the following value :




Level 1

Hi all,

Make all the changes in the configuration as mentioned in https://sourcedcode.com/blog/video-tutorial/how-to-make-simple-http-post-methods-in-aem-with-a-http-...

Still getting 403 forbidden error while masking POST request to the servlet from other domain, also added the domain name of the application from which our servlet is getting called in allow origin in the Adobe Granite Cross Origin Resource Shairing Policy configuration. Remove POST from filter methods in Adobe Granite CSRF Filter configuration and added servlet path in excluded path of this configuration. 


can anyone please help on this


Level 4


Simple way to debug this is go to you error.log file and search for your endpoint or name of servlet API. There you can see why the request is failing. Mostly it will be 

com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting

 Then you can add your servlet path in excluded path then it will work.


If issue is not with CSRF then you can actual issue in error.log


Level 3

If this is a CSRF filter issue then I think the best way to handle this is by following Adobe's recommendation - by generating a CSRF token while submitting a POST request (for authenticated users).


Please check the logs as @Uppari_Ramesh mentioned & if you see CSRF related error messages then please follow the steps in this link: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/developing/advanced/c...


Note: In some cases your CDN might block the token generation, which needs whitelisting. Also the above link is under cloud service, so not sure if it works for non-cloud as well. Hope this helps.