Dear all,
I've created a bundle that have some servlets, and after I deployed them to author instance, the servlets could be accessed and invoked.
While after I replicated the bundle to publish instance, the invoking of servlets return 404.
The server version is 6.2, and I found below message in the error.log.
26.10.2016 17:03:24.006 *INFO* [10.65.32.106 [1477472604004] POST /content/my-testing/en/my-aia/myaia-login.login.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
26.10.2016 17:03:24.007 *INFO* [10.65.32.106 [1477472604004] POST /content/my-testing/en/my-aia/myaia-login.login.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid
Could you please advise?
I have attached some screen shots for you to refer.
Cheers
Best Regards,
Solved! Go to Solution.
Views
Replies
Total Likes
Hi
For 404, please check if bundles are replicated properly in publishers?
Reference CSRF POSTS:-
//
With 6.1, AEM added CSRF (Cross-Site Request Forgery) protection and you need to ensure that the CSRF token is included.
This should be handled automatically if you are using AEM's version of jQuery. This library has the code to get the token and add it to all XHR and forms.
If you absolutely need to use a different version of jQuery (why?) and/or don't use jQuery at all, then you can include the 'granite.csrf.standalone' client library and it will do the same hooks.
//
For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP.
<cq:includeClientLib js="granite.csrf.standalone"/>
~kautuk
Views
Replies
Total Likes
This looks like a CSRF error - how did you invoke this servlet?
Views
Replies
Total Likes
We just postto the servlet by invoking a button click method.
Views
Replies
Total Likes
Hi
For 404, please check if bundles are replicated properly in publishers?
Reference CSRF POSTS:-
//
With 6.1, AEM added CSRF (Cross-Site Request Forgery) protection and you need to ensure that the CSRF token is included.
This should be handled automatically if you are using AEM's version of jQuery. This library has the code to get the token and add it to all XHR and forms.
If you absolutely need to use a different version of jQuery (why?) and/or don't use jQuery at all, then you can include the 'granite.csrf.standalone' client library and it will do the same hooks.
//
For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP.
<cq:includeClientLib js="granite.csrf.standalone"/>
~kautuk
Views
Replies
Total Likes
Thanks for your help, I checked that we did not use AEM's version of jQuery, so after I included "cq.jquery" in our template, the CSRF error disappeared.
So from your advise, it would be better to use AEM's version of jQuery rather than others, isn't it?
Cheers,
Views
Replies
Total Likes
Yes.
~kautuk
Views
Replies
Total Likes