This works for testing, but not for a long term solution. We need to use
this form to make the post request within the iframe itself in AEM.
Adding the path to the list of URLs that do not require authentication
seems like the best option for now
Thank you for the replies,@vanegi, @BrianKasingli Adding the path to the
list of URLs that do not require authentication certainly worked,
however it feels like a bit of a workaround. Is there no other way? What
has changed in v6.4.8.1? Also I am not sure how I would add a request
header from an HTML form.@ChitraMadan I don't think this is related to
the Apache Sling Referrer Filter, the host that makes the POST request
has already been added to the Allowed Hosts. I also tried ticking Allow
Empt...
I have an HTML form inside an iframe that makes a POST request to an AEM
servlet. The servlet path is excluded by the Adobe Granite CSRF Filter,
and the host making the POST request has been added to the Allowed Hosts
in the Apache Sling Referrer Filter. On AEM 6.4.8.0, everything works
fine, however when upgrading to 6.4.8.1, the POST request returns a 403
Forbidden response. This is on an Author instance. The following message
is seen in the Error log after making the request: *INFO*
[qtp69109...
@Jörg_Hoh Yes, we are trying to add cache-control: max-age=0, no-cache,
no-store, must-revalidate to the response so that the CDN does not cache
the page, but the cache-control header is missing from the response when
we try to set it using the Header directive.
Yes, we are trying to add cache-control: max-age=0, no-cache, no-store,
must-revalidate so that the CDN does not cache the page, but the header
is missing from the response when we try to set it using th
In the release notes for Dispatcher v4.3.3, it mentions an
improvement:DISP-818 - mod_expires adds Cache-Control headers for
uncacheable contentDoes anyone know what this improvement actually does?
We are trying to use the Apache mod_headers to add Cache-Control to
certain responses, but it does not work if the request contains query
parameters. If we remove the query parameters from the request, or we
change the cache-control header to another header (like cache-control2)
then it
works.https://...
I did not realise the cache control: max-age=0 was not a Dispatcher out
of the box feature, sorry. In our Apache web server, we are adding the
"cache-control: max-age=0, no-cache, no-store, must-revalidate" to all
responses that do not contain the Etag header, as this means the page is
not cached. This works as expected if the request does not contain a
query string, but if the request does contain a query string then we do
not see the cache-control header, even though Etag is missing. It is as
...
We are experiencing some unusual behaviour regarding Dispatcher. If we
make a request to a page that should not be cached according to out
dispatcher rules, and the request contains query parameters, then the
response is missing the Cache-Control header.We would expect to see
cache-control: max-age=0, no-cache, no-store, must-revalidatebut we do
not see the cache control header at all.This is occurring regardless of
whether the query parameter is in the list of ignored query params or
not. If we...
Hi, to clarify, dispatcher is working correctly, caching pages that are
required to be cached. Also, the ACS Commons Dispatcher TTL also works
correctly, however it only adds the header to requests that do not
contain any query params. However, for requests that contain an ignored
query param, ACS Commons does not add the max-age header, but dispatcher
still caches it. I am looking for the best way to have the page cached
with a max-age header, since ACS Commons will not add it.
I am using the ACS Commons Dispatcher TTL feature to set max-age headers
to certain requests. I've also configured a list of query parameters
which are ignored by Dispatcher. Both of these are working as expected.
However, if a request is made to a page that contains ignored query
parameters, then the page becomes cached in Dispatcher, but with no
max-age header. This appears to be expected behaviour for the ACS
Commons Dispatcher TTL feature, so what is the best way to ensure that
requests that...
