SOLVED

Role of Adobe Granite CSRF servlet


Hello Everyone,

Please correct my statements if I am wrong.

Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT, DELETE (these methods are checked by the filter). These filter methods should have a CSRF token. Otherwise, the application will throw an error.

Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFFilter: This is a Sling filter, which checks the incoming request. If it is either POST, PUT, or DELETE (as mentioned in the CSRF filter configuration), and there is no CSRF token, then this servlet will throw an exception.

Suppose a GET request throws some error related to the CSRF token; this might be because someone mistakenly added GET to the Filter Methods of the Adobe Granite CSRF Filter configuration.

Thanks

1 Accepted Solution

Correct answer by
Community Advisor

Hi @Mahesh_Gunaje
Yes, the above statements are correct in their context.
In addition to the filter methods parameter of the CSRF filter configuration, we also have excluded paths, where we can configure paths that we do not want to filter through the CSRF filter.

Can you clarify if you have a question/issue regarding this?

2 Replies


Hello Everyone,

Sorry for the confusion. I am correcting my statements.

Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT, DELETE (these methods are checked by the filter). These filter methods should have a CSRF token. Otherwise, the application will throw an error.

com.adobe.granite.csrf.impl.CSRFFilter: This is a Sling filter, which checks the incoming request. If it is either POST, PUT, or DELETE (as mentioned in the CSRF filter configuration), and there is no CSRF token, then this servlet will throw an exception.

Suppose a GET request throws some error related to the CSRF token; this might be because someone mistakenly added GET to the Filter Methods of the Adobe Granite CSRF Filter configuration.

Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFServlet
Servlet that returns the CSRF token for a given user.
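
The filter behaviour discussed in this thread (filtered methods, excluded paths, and the GET misconfiguration), as an added example that is not Adobe's implementation or any poster's code. It is a simplified model: the property names `filter.methods` and `filter.excluded.paths`, exact matching of excluded paths, and all sample paths are assumptions made for illustration.

```javascript
// Simplified model of the CSRF filter decision; not Adobe's code.
const SAFE = ["GET", "HEAD", "OPTIONS"];
const STATE_CHANGING = ["POST", "PUT", "DELETE"];

// Constructed sample configurations (property names and paths are assumptions).
const defaultConfig = {
  "filter.methods": ["POST", "PUT", "DELETE"],
  "filter.excluded.paths": ["/bin/example/webhook"],
};
const misconfigured = {
  "filter.methods": ["GET", "POST"], // GET added by mistake, PUT/DELETE dropped
  "filter.excluded.paths": [],
};

const upper = (list) => (list || []).map((m) => String(m).trim().toUpperCase());

// Decision for one request. Assumption: excluded paths are matched exactly.
function filterDecision(config, { method, path, hasValidToken }) {
  const checked = upper(config["filter.methods"]);
  if (!checked.includes(method.toUpperCase())) return "pass (method not filtered)";
  if ((config["filter.excluded.paths"] || []).includes(path)) return "pass (path excluded)";
  return hasValidToken ? "pass (token ok)" : "reject (missing or invalid token)";
}

// Review a configuration for the situations raised in the thread.
function auditConfig(config) {
  const checked = upper(config["filter.methods"]);
  const findings = [];
  for (const m of SAFE) {
    if (checked.includes(m)) findings.push(`${m} is filtered: ${m} requests without a token will fail`);
  }
  for (const m of STATE_CHANGING) {
    if (!checked.includes(m)) findings.push(`${m} is not filtered: no CSRF token check on ${m}`);
  }
  for (const p of config["filter.excluded.paths"] || []) {
    findings.push(`${p} is excluded: needs its own CSRF protection`);
  }
  return findings;
}

// The GET scenario from the thread: a plain page request is rejected.
const page = { method: "GET", path: "/content/site/en.html", hasValidToken: false };
console.log(filterDecision(misconfigured, page));
console.log(auditConfig(misconfigured));
```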

 
