CSRF-Token is not working in AEM 6.5 | Community
New Participant
August 27, 2021
Solved

CSRF-Token is not working in AEM 6.5


Hi all,

 

I am using an Ajax call to the POST servlet and am getting a 403 Forbidden error on the author instance.

In AEM 6.1, I can call "/libs/granite/csrf/token.json" to get the token and then set this token in the header of the Ajax call. Then Ajax can successfully call the POST servlet.

 

headers: { "X-CSRFToken": token, "CSRF-Token": token }

 

 

But in AEM 6.5, even though I have set the header, I am still getting the 403 error. Does anyone know how to fix it in AEM 6.5?

BTW: I don't want to change OSGi; I just want a way to change the JS and HTML code to fix it.

 

Thanks,

Forrest

Best answer by Asutosh_Jena_

Hi @forrestli 

 

Are you trying to access http://localhost:4502/libs/granite/csrf/token.json and it does not return CSRF on author?

That's weird. It should work if you are logged in.

 

By the way, why do you need to set the header explicitly when it should implicitly set the header with the CSRF token from author while making a POST call?

 

Thanks!

ForrestLi (Author)
New Participant
August 27, 2021

Interesting!!!

In AEM 6.1, I need to add the header to call the POST servlet. But in AEM 6.5, I just removed the header and then I can call the POST servlet without the 403 error.
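
Added example, not part of the thread and not Adobe's code: a small wrapper for a page that attaches the token by hand, as in the question. It fetches the token from the endpoint named above, sends it only on state-changing same-origin requests, and refreshes it once after a 403. The `{"token": "..."}` response shape, the stale-token reading of a 403, and the names `createCsrfClient`, `needsCsrfToken` and `isSameOrigin` are assumptions.

```javascript
const TOKEN_PATH = "/libs/granite/csrf/token.json"; // endpoint named in the question
const TOKEN_HEADER = "CSRF-Token";                  // header named in the question
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Only state-changing requests need the token.
function needsCsrfToken(method) {
  return !SAFE_METHODS.has(String(method || "GET").toUpperCase());
}

// The token is never attached to a request that leaves the page's origin.
function isSameOrigin(url, origin) {
  return new URL(url, origin).origin === origin;
}

// fetchImpl is injected so the logic can be exercised without a server.
function createCsrfClient(fetchImpl, origin) {
  let cached = null;

  async function getToken(forceRefresh) {
    if (cached && !forceRefresh) return cached;
    const res = await fetchImpl(TOKEN_PATH, { credentials: "same-origin" });
    if (!res.ok) throw new Error("token endpoint returned " + res.status);
    const body = await res.json();
    // Assumption: the endpoint answers with a JSON object {"token": "..."}.
    if (!body || typeof body.token !== "string" || body.token === "") {
      throw new Error("no token in response");
    }
    cached = body.token;
    return cached;
  }

  async function send(url, options = {}) {
    const method = (options.method || "GET").toUpperCase();
    if (!needsCsrfToken(method) || !isSameOrigin(url, origin)) {
      return fetchImpl(url, options);
    }
    for (let attempt = 0; attempt < 2; attempt++) {
      const token = await getToken(attempt > 0);
      const headers = { ...(options.headers || {}), [TOKEN_HEADER]: token };
      const res = await fetchImpl(url, { ...options, method, headers, credentials: "same-origin" });
      // Assumption: a 403 may mean the cached token is stale, so refresh once and retry.
      if (res.status !== 403 || attempt === 1) return res;
    }
  }

  return { getToken, send };
}
```

In a browser the client would be created with `createCsrfClient(window.fetch.bind(window), location.origin)`.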