Adobe Experience Manager Sites & More

james_xu · 10/26/16

Dear all,

I've created a bundle that have some servlets, and after I deployed them to author instance, the servlets could be accessed and invoked.

While after I replicated the bundle to publish instance, the invoking of servlets return 404.

The server version is 6.2, and I found below message in the error.log.

26.10.2016 17:03:24.006 *INFO* [10.65.32.106 [1477472604004] POST /content/my-testing/en/my-aia/myaia-login.login.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
26.10.2016 17:03:24.007 *INFO* [10.65.32.106 [1477472604004] POST /content/my-testing/en/my-aia/myaia-login.login.json HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

Could you please advise?

I have attached some screen shots for you to refer.

Cheers

Best Regards,

kautuk_sahni · 10/27/16

Hi

For 404, please check if bundles are replicated properly in publishers?

Reference CSRF POSTS:-

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//

With 6.1, AEM added CSRF (Cross-Site Request Forgery) protection and you need to ensure that the CSRF token is included.

This should be handled automatically if you are using AEM's version of jQuery. This library has the code to get the token and add it to all XHR and forms.

If you absolutely need to use a different version of jQuery (why?) and/or don't use jQuery at all, then you can include the 'granite.csrf.standalone' client library and it will do the same hooks.

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//

For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP.

<cq:includeClientLib js="granite.csrf.standalone"/>

~kautuk

Kautuk Sahni

View solution in original post

smacdonald2008 · 10/26/16

This looks like a CSRF error - how did you invoke this servlet?

james_xu · 10/26/16

We just postto the servlet by invoking a button click method.

kautuk_sahni · 10/27/16

Hi

For 404, please check if bundles are replicated properly in publishers?

Reference CSRF POSTS:-

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//

With 6.1, AEM added CSRF (Cross-Site Request Forgery) protection and you need to ensure that the CSRF token is included.

This should be handled automatically if you are using AEM's version of jQuery. This library has the code to get the token and add it to all XHR and forms.

If you absolutely need to use a different version of jQuery (why?) and/or don't use jQuery at all, then you can include the 'granite.csrf.standalone' client library and it will do the same hooks.

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//

For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP.

<cq:includeClientLib js="granite.csrf.standalone"/>

~kautuk

Kautuk Sahni

james_xu · 10/29/16

Thanks for your help, I checked that we did not use AEM's version of jQuery, so after I included "cq.jquery" in our template, the CSRF error disappeared.

So from your advise, it would be better to use AEM's version of jQuery rather than others, isn't it?

Cheers,

kautuk_sahni · 10/31/16

Yes.

~kautuk

Adobe Experience Manager Sites & More

Publish Servlet 404

Kautuk Sahni

Kautuk Sahni

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe