Expand my Community achievements bar.

SOLVED

Role of Adobe Granite CSRF servlet

Avatar

Level 8
Level 8
3/18/24 8:48:14 AM

Hello Everyone,

 

Please correct my statements, if I am wrong.

 

Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT,DELETE (These methods are checked by the filter). These filters methods should CSRF token. Otherwise, application will throw error.

 

Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFFilter : This is a sling Filter, which checks the incoming request. If its either POST, PUT,DELETE (which is mentioned in CSRF filter Configuration), and if there is no CSRF token, then, this servlet will throw exception. 

 

Suppose if a GET request throws some error related to csrf token, then this might be because, someone by mistakenly added GET in Filter methods of Adobe Granite CSRF Filter configuration

 

Thanks

 

 

Views

211

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 6
Level 6
3/19/24 3:33:02 AM
In response to Mahesh_Gunaje

Hi @Mahesh_Gunaje 
Yes the above statements are correct in their context.
In addition to the CSRF filter configuration filter methods param, we also have excluded paths where we can configure paths which we do not want to filter through csrf filter.

Can you clarify if you have a questions/issue regarding this?

 

View solution in original post

Views

162

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Level 8
Level 8
3/18/24 9:15:31 AM

Hello Everyone,

 

Sorry for the confusion. I am correcting my statements.

 

Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT,DELETE (These methods are checked by the filter). These filters methods should CSRF token. Otherwise, application will throw error.

com.adobe.granite.csrf.impl.CSRFFilter : This is a sling Filter, which checks the incoming request. If its either POST, PUT,DELETE (which is mentioned in CSRF filter Configuration), and if there is no CSRF token, then, this servlet will throw exception. 

 

Suppose if a GET request throws some error related to csrf token, then this might be because, someone by mistakenly added GET in Filter methods of Adobe Granite CSRF Filter configuration

 

Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFServlet
Servlet that return the CSRF token for a given user.

 

Mahesh_Gunaje_0-1710778452531.png

 

 

 

 

Adobe Granite CSRF Servlet

Views

196

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 6
Level 6
3/19/24 3:33:02 AM
In response to Mahesh_Gunaje

Hi @Mahesh_Gunaje 
Yes the above statements are correct in their context.
In addition to the CSRF filter configuration filter methods param, we also have excluded paths where we can configure paths which we do not want to filter through csrf filter.

Can you clarify if you have a questions/issue regarding this?

 

Views

163

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
what sort of access/profile do I need so I can add custom domains/manage pipelines in AEMaaCS? Solved

Views

143

Likes

0

Replies

8
AEMaaCS: can I push any branch to the Adobe GIT repo so I can deploy/test my changes on the dev cluster. Solved

Views

144

Likes

0

Replies

4
AEMaaCS: can you do all git work in bitbucket/github and only push to adobe once the release branches are ready?

Views

21

Likes

0

Replies

0
Daily Usage of Content Request in AEM Cloud Services

Views

27

Likes

0

Replies

0
AEM | Anyone have the updated version of RTE Color Picker JS ?

Views

128

Likes

0

Replies

2