Sling Servlet CSRF attacks protection

santhsohm220338

29-10-2020

Hello Everyone,

 

I have the below situation

I have a page where the user comes in, selects his plan and clicks the button to navigate to the next page. On clicking the button, the UI (React) makes an AJAX call to a Sling servlet and posts the user's selected values as the request payload (request data).

Here we have a situation where we are able to trap the request using the Burp proxy interceptor and tamper with the request, and the server accepts the changed values. Expected behavior: the server should not accept the manipulated data and should throw an error.

I tried enabling the CSRF token for servlets and I can see CSRF-Token in the request header as well. It still did not work for me.

Please help me here. Appreciate your help.
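An added example, not code from this thread: a Sling POST servlet that validates the posted plan on the server instead of trusting client-supplied values. AEM's CSRF-Token check runs in a separate filter before the servlet and only blocks cross-site forged requests, so the servlet itself must reject values that a proxy can tamper with. The package, servlet path, parameter names and plan catalogue are assumptions.

```java
package com.example.plans; // assumed package

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Assumed path and parameter names; the thread does not name the real ones.
@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/selectplan",
        "sling.servlet.methods=POST"
})
public class SelectPlanServlet extends SlingAllMethodsServlet {

    private static final Logger LOG = LoggerFactory.getLogger(SelectPlanServlet.class);

    // Server-side catalogue (constructed sample data): the client may pick a plan id,
    // but the price attached to it is never read from the request.
    private static final Map<String, Integer> PLAN_PRICES = new HashMap<>();
    static {
        PLAN_PRICES.put("basic", 10);
        PLAN_PRICES.put("standard", 25);
        PLAN_PRICES.put("premium", 50);
    }

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        // By the time this runs, the CSRF filter has already accepted the CSRF-Token header.
        // That says nothing about whether the values below are genuine, so validate them here.
        String planId = request.getParameter("plan");
        if (planId == null || !PLAN_PRICES.containsKey(planId)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unknown plan");
            return;
        }
        int price = PLAN_PRICES.get(planId); // authoritative value, not the client's
        String claimed = request.getParameter("price");
        if (claimed != null && !claimed.equals(String.valueOf(price))) {
            // A price that disagrees with the catalogue is a tampered request: log and reject.
            LOG.warn("Rejected plan selection: client price {} != server price {}", claimed, price);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request data");
            return;
        }
        response.setContentType("application/json");
        response.getWriter().write("{\"plan\":\"" + planId + "\",\"price\":" + price + "}");
    }
}
```

Whatever the client sends, the response and any downstream processing use only the plan id that matched the catalogue and the server's own price.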

Accepted Solutions (0)

Answers (2)

Mayank_Gandhi
Employee
05-11-2020

@kautuk_sahni Can you please move it to aem core.

santhsohm220338

30-10-2020

Any suggestions here?