Yes I was referring to the unauthenticated users.Suppose I have a donation form on a page and I want all people to donate money without authentication then how can I prevent CSRF in such a scenario ? Is CSRF really required here ? As per the following thread CSRF protection is indeed required for su...

Thanks Lars. But the token URL is publicly available (/libs/granite/csrf/token.json ) and an attacker can get a new token from it and submit forged requests.  I am able to submit requests with a different user agents and with different tokens. 

I have a question related to protection in AEM against CSRF attacks. In AEM 6.1, CSRF framework protection was introduced which checks that all POST requests should have a valid token. The token should be passed in the request body or in the header.As per the framework, the token is injected into th...

Since you have too many nodes being returned in the resultset,  is it good to consider limiting the results ? Or else, Instead of running the query on root node why not run it on subpaths separately for limiting the results. http://help-forums.adobe.com/content/adobeforums/en/experience-manager-foru...

I don't know whether there is any OOTB configuration to limit the file types. But there is a community article for restricting the upload based on size of the file - http://experience-aem.blogspot.com/2014/12/aem-6-sp1-classic-ui-restrict-large-or-small-files-upload.html. You can customize it and ad...

Why do you need to pass the request object to OSGI service? It is better not to pass the request object to the backend components and rather pass the information in the request to the backend component using POJO objects or standard data types. You should not couple your services code with the front...

Try the following code- <div data-sly-test="${salary < 0}" data-sly-unwrap> Salary is very low to survive </div> <div data-sly-test="${salary >  1000}" data-sly-unwrap> Salary is very good. </div> <div data-sly-test="${salary < 1000} && ${salary > 0}" data-sly-unwrap> No comment sir... </div>

Check this doc - https://helpx.adobe.com/experience-manager/using/sling_models.html

Check the following thread- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manager.topic.html/forum__h9cv-hi_after_publish.html

$@^^!R wrote... kunal23 wrote... Try the following query- SELECT parent.* FROM [nt:unstructured] AS parent INNER JOIN [nt:unstructured] AS child ON ISCHILDNODE(child,parent) WHERE ISDESCENDANTNODE(parent, /etc/employees/employeedata) AND parent.[bondStartDate] < CAST('2016-02-01T00:00:00.000+05...