Encountering an error when submitting form with an empty and invalid CSRF token | Community
New Participant
March 25, 2025
Solved

Hi,

 

I need help with an issue involving an empty and invalid CSRF token when submitting the form. I've already included the CSRF token in the client header.

 

Here are the error logs: 

 *INFO* [[0:0:0:0:0:0:0:1] [1742872764470] POST /bin/ HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
 *INFO* [[0:0:0:0:0:0:0:1] [1742872764470] POST /bin/ HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

 

Could you kindly assist me in finding a solution to fix this error?

 

Thank you.

Best answer by giuseppebaglio

The error occurs because the CSRF token is either missing, expired, or invalid. Manually fetch the token from /libs/granite/csrf/token.json and include it in headers, ensure forms use the correct hidden input, and validate client/server configurations.

For example:

// Fetch CSRF token for AJAX requests
$.getJSON("/libs/granite/csrf/token.json", function (data) {
    $.ajax({
        url: "/bin/your-servlet",
        type: "POST",
        headers: { "CSRF-Token": data.token },
        // ... other settings
    });
});

Some helpful links:

https://www.albinsblog.com/2023/03/what-is-csrf-how-is-csrf-protection-enabled-in-aem.html 

https://stackoverflow.com/a/34130703

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/getting-csrf-token-as-invalid-on-post-servlet-call/m-p/279586 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/form-submission-is-getting-failed-with-empty-csrf-token-error/td-p/396944 
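
The fetch-then-send flow from the accepted answer, as an added example (not part of the original thread and not Adobe's code) that uses `fetch` instead of jQuery and also covers the expired-token case by refreshing the token once. `fetchCsrfToken`, `postWithCsrf` and `makeMockFetch` are hypothetical names, the mock server is constructed sample data, and treating HTTP 403 as a rejected token is an assumption.

```javascript
// Added example. TOKEN_URL and the CSRF-Token header come from the answer above;
// treating HTTP 403 as "token rejected" is an assumption of this example.
const TOKEN_URL = "/libs/granite/csrf/token.json";

async function fetchCsrfToken(fetchImpl) {
  // Bypass HTTP caches so a stale token is not reused.
  const res = await fetchImpl(TOKEN_URL, { credentials: "same-origin", cache: "no-store" });
  if (!res.ok) throw new Error("token endpoint returned HTTP " + res.status);
  const body = await res.json();
  if (typeof body.token !== "string" || body.token === "") {
    // Fail on the client rather than send an empty header for the filter to reject.
    throw new Error("token endpoint returned no token");
  }
  return body.token;
}

async function postWithCsrf(url, fields, fetchImpl = globalThis.fetch) {
  let token = await fetchCsrfToken(fetchImpl);
  for (let attempt = 1; ; attempt++) {
    const res = await fetchImpl(url, {
      method: "POST",
      credentials: "same-origin",
      headers: { "CSRF-Token": token },
      body: new URLSearchParams(fields),
    });
    // Refresh the token once after a rejection, then hand the response back.
    if (res.status !== 403 || attempt === 2) return res;
    token = await fetchCsrfToken(fetchImpl);
  }
}

// Constructed stand-in for the server: hands out `tokens` in order and accepts
// a POST only if it carries the last one (earlier ones play the expired token).
function makeMockFetch(tokens) {
  let issued = 0;
  const sentTokens = [];
  const fetchImpl = async (url, opts = {}) => {
    if (url === TOKEN_URL) {
      const token = tokens[Math.min(issued++, tokens.length - 1)];
      return { ok: true, status: 200, json: async () => ({ token }) };
    }
    sentTokens.push(opts.headers["CSRF-Token"]);
    const valid = opts.headers["CSRF-Token"] === tokens[tokens.length - 1];
    return { ok: valid, status: valid ? 200 : 403 };
  };
  return { fetchImpl, sentTokens };
}
```

In a browser, call `postWithCsrf("/bin/your-servlet", { field: "value" })` and let the default `fetch` send the session cookies.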

2 replies

kautuk_sahni
Employee
April 1, 2025

@siddhida1 Did you find the suggestion helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni
giuseppebaglio
Accepted solution
New Participant
March 25, 2025
