Hello Everyone,
Please correct my statements, if I am wrong.
Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT, DELETE (these methods are checked by the filter). These filter methods should have a CSRF token. Otherwise, the application will throw an error.
Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFFilter: This is a Sling Filter which checks the incoming request. If it is either POST, PUT, or DELETE (as mentioned in the CSRF filter configuration), and if there is no CSRF token, then this servlet will throw an exception.
Suppose a GET request throws some error related to the CSRF token; then this might be because someone mistakenly added GET to the Filter Methods of the Adobe Granite CSRF Filter configuration.
Thanks
Hi @Mahesh_Gunaje
Yes, the above statements are correct in their context.
In addition to the filter methods parameter of the CSRF filter configuration, we also have excluded paths, where we can configure paths which we do not want to filter through the CSRF filter.
Can you clarify if you have a question/issue regarding this?
Hello Everyone,
Sorry for the confusion. I am correcting my statements.
Adobe Granite CSRF Filter configuration has
Filter Methods: POST, PUT, DELETE (these methods are checked by the filter). These filter methods should have a CSRF token. Otherwise, the application will throw an error.
com.adobe.granite.csrf.impl.CSRFFilter: This is a Sling Filter which checks the incoming request. If it is either POST, PUT, or DELETE (as mentioned in the CSRF filter configuration), and if there is no CSRF token, then this servlet will throw an exception.
Suppose a GET request throws some error related to the CSRF token; then this might be because someone mistakenly added GET to the Filter Methods of the Adobe Granite CSRF Filter configuration.
Adobe Granite CSRF Servlet
com.adobe.granite.csrf.impl.CSRFServlet
Servlet that returns the CSRF token for a given user.
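An added example, not part of the thread and not Adobe's code: a small audit of a CSRF filter configuration that flags the situations discussed above (GET listed among the filter methods, a state-changing method left out, and excluded paths that bypass the filter). The property names `filter.methods` and `filter.excluded.paths`, the JSON layout and the sample values are assumptions made for this example.

```python
import json

# Constructed sample config for com.adobe.granite.csrf.impl.CSRFFilter.
# Property names are assumed; values are made up for this example.
SAMPLE_CONFIG = """
{
  "filter.methods": ["POST", "PUT", "DELETE", "GET"],
  "filter.excluded.paths": ["/", "/bin/public/form", "/content"]
}
"""

STATE_CHANGING = {"POST", "PUT", "DELETE"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def audit_csrf_filter(config_text):
    """Return a list of (severity, message) findings for one filter config."""
    cfg = json.loads(config_text)
    methods = {m.strip().upper() for m in cfg.get("filter.methods", [])}
    excluded = [p.strip() for p in cfg.get("filter.excluded.paths", [])]
    findings = []

    # A state-changing method missing from the list is not token-checked.
    for m in sorted(STATE_CHANGING - methods):
        findings.append(("high", f"{m} is not in filter.methods; no token check"))

    # A safe method in the list explains CSRF errors on plain reads.
    for m in sorted(SAFE_METHODS & methods):
        findings.append(("medium", f"{m} is in filter.methods; reads need a token"))

    # Every excluded path skips the filter. How the filter matches these
    # entries is not covered in the thread, so short entries are only
    # raised for review rather than treated as a confirmed bypass.
    for p in excluded:
        depth = len([seg for seg in p.split("/") if seg])
        if depth <= 1:
            findings.append(("high", f"excluded path '{p}' is top-level; review"))
        else:
            findings.append(("info", f"excluded path '{p}' skips the CSRF filter"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_csrf_filter(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```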