since ‎20-08-2019
‎12-02-2020
mehmetsezgin
Level 1
Re: Disable CSRF on AEM 6.3
Avatar

mehmetsezgin

mehmetsezgin
- Adobe Experience Manager
Thanks JaideepBrar​.As i mentioned CSRF framework is sending empty token to browser. For our case should we still keep token.json calls?

Views

7.0K

Likes

0

Replies

1
Re: Disable CSRF on AEM 6.3
Avatar

mehmetsezgin

mehmetsezgin
- Adobe Experience Manager
Thanks Arun.Publisher responds with empty token to csrf requests. Since users are not authenticated.I think excluded path is used bypass csrf token check for certain destinations.https://taylor.callsen.me/security-and-java-servlets-in-aem-6-1/ Our goal is stop browser's csrf token requests so dispatcher will not have to handle them.

Views

7.0K

Likes

0

Replies

3
Disable CSRF on AEM 6.3
Avatar

mehmetsezgin

mehmetsezgin
- Adobe Experience Manager
Hi Community,Our customer web site doesn't have any authenticated user. All users are anonymous. Components have granite.jquery dependency so csrf protection is enabled automatically.Dispatcher and publisher instance receiving too many unnecessary csrf token requests.Is there any way to disable csrf protection on AEM 6.3?Thanks in advance.Mehmet

Views

7.5K

Like

1

Replies

7
Likes from