Role of Adobe Granite CSRF servlet | Community
Skip to main content
M
Mahesh_Gunaje
Level 7
March 18, 2024
Solved

Role of Adobe Granite CSRF servlet

  • March 18, 2024
  • 1 reply
  • 1172 views

Hello Everyone,

 

Please correct my statements, if I am wrong.

 

Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT,DELETE (These methods are checked by the filter). These filters methods should CSRF token. Otherwise, application will throw error.

 

Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFFilter : This is a sling Filter, which checks the incoming request. If its either POST, PUT,DELETE (which is mentioned in CSRF filter Configuration), and if there is no CSRF token, then, this servlet will throw exception. 

 

Suppose if a GET request throws some error related to csrf token, then this might be because, someone by mistakenly added GET in Filter methods of Adobe Granite CSRF Filter configuration

 

Thanks

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by pulkitvashisth

Hi @mahesh_gunaje 
Yes the above statements are correct in their context.
In addition to the CSRF filter configuration filter methods param, we also have excluded paths where we can configure paths which we do not want to filter through csrf filter.

Can you clarify if you have a questions/issue regarding this?

 

1 reply

M
Mahesh_GunajeAuthor
Level 7
March 18, 2024

Hello Everyone,

 

Sorry for the confusion. I am correcting my statements.

 

Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT,DELETE (These methods are checked by the filter). These filters methods should CSRF token. Otherwise, application will throw error.

com.adobe.granite.csrf.impl.CSRFFilter : This is a sling Filter, which checks the incoming request. If its either POST, PUT,DELETE (which is mentioned in CSRF filter Configuration), and if there is no CSRF token, then, this servlet will throw exception. 

 

Suppose if a GET request throws some error related to csrf token, then this might be because, someone by mistakenly added GET in Filter methods of Adobe Granite CSRF Filter configuration

 

Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFServlet
Servlet that return the CSRF token for a given user.

 

 

 

 

 

Adobe Granite CSRF Servlet

    pulkitvashisth
    Community Advisor
    pulkitvashisthCommunity AdvisorAccepted solution
    Community Advisor
    March 19, 2024

    Hi @mahesh_gunaje 
    Yes the above statements are correct in their context.
    In addition to the CSRF filter configuration filter methods param, we also have excluded paths where we can configure paths which we do not want to filter through csrf filter.

    Can you clarify if you have a questions/issue regarding this?

     

      Terms & ConditionsAccessibility statement

      Loading footer...