Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Sling Servlet CSRF attacks protection

Avatar

Level 1

Hello Everyone,

 

I have the below situation

I have a page, user comes and select his plan and click the button to navigate to next page. on clicking the button UI(react) will make ajax call to sling servlet and post the user selected values as request payload(request data). 

Here we have a situation we could able to trap the request using burp proxy interceptor and tampering the  request and the same changed values server accepting. Expecting behavior :server not to accept the manipulated data and should throw error.

I tried enabling CSRF token for Servlets and I can see CSRF-Token in request header as well. still did not worked for me.

Please help me here. Appreciate your help.

2 Replies