I have a site set up on publish instance where I'm doing an ajax call to a servlet, however I'm not getting any response.
The servlet is also installed as an OSGi bundle in the back end of our publish instance.
I'm doing a POST call however I did notice that when I do a GET call it goes through. I've also checked the
Apache Sling Referrer Filter configuration and removed the 'POST' from 'Filter Methods', but still no luck.
Any thoughts guys?
Thanks!
Views
Replies
Total Likes
Are you getting 404?
Views
Replies
Total Likes
Views
Replies
Total Likes
Hi,
Please share the the error.log for publish instance and also the browser console error.
Is it working on Author?
You can debug the Servlet resolution in 2 ways:-
Here’s one way:
1. Head over to http://localhost:4502/system/console/servletresolver
2. Enter the request URL and select the appropriate HTTP method (http://localhost:4502/editor.html/content/we-retail.html)
3. The Opting servlets will be listed – I think the ‘chosen’ one is on the top…
Here’s another:
1. Head over to http://localhost:4502/system/console/requests and clear existing requests
2. ‘Edit’ a ‘simple’ AEM site (e.g. navigate to http://localhost:4502/editor.html/content/we-retail.html)
3. Refresh the page in #1 and locate your request
a. It may happen that the page you are interesting in sends more than 20 requests – perhaps there’s a configuration to increase how many requests are ‘kept’ for analysis but I don’t know of it – instead, what you can try is to ‘cancel’ the page-load (so that further requests are not sent to the server)
The downside of 2nd method is limited requests can be tracked this way – the upside is that you get a lot more information that the 1st.
I hope this would help you.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes
Adding Reference Old posts:-
I hope this will help you.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes
kautuksahni I did the method you listed and here are the results attached:
[1]
[2]
Also I'm not getting an error page back
it seems like the page just hangs as in there is no response given possibly because the request
doesn't even make it to the servlet.
Views
Replies
Total Likes
If you look at the AEM access.log are you seeing any information?
Views
Replies
Total Likes
smacdonald2008 wrote...
If you look at the AEM access.log are you seeing any information?
This is what the access log shows:
03.06.2016 14:34:15.660 *INFO* [10.10.118.17 [1464978855660] POST /bin/pubnetSEARCH HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting 03.06.2016 14:34:15.660 *INFO* [10.10.118.17 [1464978855660] POST /bin/pubnetSEARCH HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid 03.06.2016 14:34:15.661 *WARN* [10.10.118.17 [1464978855660] POST /bin/pubnetSEARCH HTTP/1.1] com.day.cq.wcm.core.impl.components.ComponentCacheImpl No component node found at /bin/pubnetSEARCH.servlet
Just had to remove "POST" from being filtered from the CSRF filter config. Now I'm getting a success response back from the ajax call.
Views
Replies
Total Likes
Thanks for posting this.
Views
Replies
Total Likes
The Big Red wrote...
smacdonald2008 wrote...
If you look at the AEM access.log are you seeing any information?
This is what the access log shows:
03.06.2016 14:34:15.660 *INFO* [10.10.118.17 [1464978855660] POST /bin/pubnetSEARCH HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting 03.06.2016 14:34:15.660 *INFO* [10.10.118.17 [1464978855660] POST /bin/pubnetSEARCH HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid 03.06.2016 14:34:15.661 *WARN* [10.10.118.17 [1464978855660] POST /bin/pubnetSEARCH HTTP/1.1] com.day.cq.wcm.core.impl.components.ComponentCacheImpl No component node found at /bin/pubnetSEARCH.servlet
Just had to remove "POST" from being filtered from the CSRF filter config. Now I'm getting a success response back from the ajax call.
Please don't remove post from CSRF protection. If you are doing a POST call as an authenticated user, you should include a csrf token[1][2]. Removing post from the CSRF filter config is a security risk[0].
Regards,
Opkar
[0] https://docs.adobe.com/docs/en/aem/6-2/develop/security/csrf-protection.html
[1]http://wcmaem.blogspot.co.uk/2016/03/aem-csrf-issue-forbidden-post-call-in.html
[2]https://www.linkedin.com/pulse/aem-61-5-things-developer-should-know-yash-mody
Views
Replies
Total Likes
Hi,
Thanks for this but what if i am doing a post call as an unauthenticated user how can I access the token ? My current setup is doing ajax calls to sling servlets which proxy the calls to legacy backends via soap.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies