Getting 404 for csrf token | Community
Skip to main content
V
Vanitha_Duraisamy
New Participant
May 5, 2023
Solved

Getting 404 for csrf token

  • May 5, 2023
  • 5 replies
  • 2194 views

Hi Team,

 

In dispatcher we are getting 404 for the csrf token. We are facing this issue only in the dispatcher level.

We have added below dispatcher configurations:

1) In clientheaders - "CSRF-Token" is added

2) In filters we have allowed the csrf token

/044 {
/selectors ''
/extension 'json'
/type "allow"
/method "GET"
/path '/libs/granite/csrf/token'
/suffix ''
}

3) We have added the below clientlib category - 

granite.csrf.standalone

 

 

Please let me know if you've any possible solutions.

 

@Vijayalakshmi_S  @arunpatidar @Suraj_Kamdi 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Vanitha_Duraisamy

Thanks for all the responses.

The issue got resolved after removing the below clientlibrary category from our code.

<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientlib.all @ categories='granite.csrf.standalone'}"/>

5 replies

V
Vanitha_DuraisamyAuthorAccepted solution
New Participant
May 10, 2023

Thanks for all the responses.

The issue got resolved after removing the below clientlibrary category from our code.

<sly data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html" data-sly-call="${clientlib.all @ categories='granite.csrf.standalone'}"/>

    rawvarun
    rawvarun
    New Participant
    May 9, 2023

    Add below caching rule to disallow caching for token path

    { /glob "/libs/granite/csrf/token.json" /type "deny" }

     

      Himanshu_Jain
      Himanshu_Jain
      New Participant
      May 8, 2023

      Check  Apache Sling Referrer Filter configuration

      Ref: https://sourcedcode.com/blog/aem/in-aem-what-is-the-apache-sling-referrer-filter-osgi-configuration

       

      Himanshu Jain
        S
        ShubhanshuSi2
        New Participant
        May 5, 2023

        You may refer Configuring Dispatcher to Prevent CSRF Attacks | Adobe Experience Manager

          AsifChowdhury
          AsifChowdhury
          New Participant
          May 5, 2023

          Hello @vanitha_duraisamy 

          I have faced a similar type issue with the author

          Then I had to fetch the CSRF token first then did the actual Ajax call.

          let xhttp = new XMLHttpRequest(); xhttp.open('GET', "/libs/granite/csrf/token.json", true); xhttp.onload = function() { if (xhttp.status === 200) { let response = JSON.parse(xhttp.responseText); let csrfToken = response.token; let xhr = new XMLHttpRequest(); xhr.open("POST", url, true); xhr.setRequestHeader('CSRF-Token', csrfToken); xhr.onreadystatechange = function() { if (this.readyState === XMLHttpRequest.DONE && this.status === 200) { // do rest of the things } }; xhr.send(JSON.stringify(data)); } }; xhttp.send(); });

          I am not sure but maybe you will get an idea from it.

            V
            Vanitha_DuraisamyAuthor
            New Participant
            May 8, 2023

            Thanks @asifchowdhury 

            Our Ajax calls are working, we are getting this 404 error for csrf token in the page load for all the pages.

            Also we are getting this error only in the dispatcher.

              Terms & ConditionsAccessibility statement

              Loading footer...