Thanks JaideepBrar​.As i mentioned CSRF framework is sending empty token to browser. For our case should we still keep token.json calls?

Thanks Arun.Publisher responds with empty token to csrf requests. Since users are not authenticated.I think excluded path is used bypass csrf token check for certain destinations.https://taylor.callsen.me/security-and-java-servlets-in-aem-6-1/ Our goal is stop browser's csrf token requests so dispat...

Hi Community,Our customer web site doesn't have any authenticated user. All users are anonymous. Components have granite.jquery dependency so csrf protection is enabled automatically.Dispatcher and publisher instance receiving too many unnecessary csrf token requests.Is there any way to disable csrf...