Expand my Community achievements bar.

Sling Referrer and CSRF filter issue

Avatar

Level 2

Hi,

As part of payment process we are integrating with third party payment gateway when user completes the payment process on payment gateway, payment gateway will do POST request to resource in AEM.

The post request from payment gateway is getting blocked by Sling referrer filter and CSRF filter

Can some body suggest what is the best way to implement to pass the post request through sling referrer filter and CSRF filter from external site

I have tried by allowing empty referrer in sling referrer filter  and removing post in CSRF filter which is working, but which is not the ideal way of allowing the external post request to AEM.

1 Reply

Avatar

Administrator

Hi 

Please have a look at this slimier forum post :-

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

// 

With 6.1, AEM added CSRF (Cross-Site Request Forgery) protection and you need to ensure that the CSRF token is included.

This should be handled automatically if you are using AEM's version of jQuery. This library has the code to get the token and add it to all XHR and forms.

If you absolutely need to use a different version of jQuery (why?) and/or don't use jQuery at all, then you can include the 'granite.csrf.standalone' client library and it will do the same hooks.

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

 

Reference Articles :- 

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

Link:- http://suryakand-shinde.blogspot.in/2016/07/aem-form-submission-handling-post.html

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

 

~kautuk



Kautuk Sahni