Issue: The POST method form submission returns 403 forbidden error in AEM 6.1
Solution: In AEM 6.1, CSRF protection was added alongside the Apache Sling Referrer filter. By default, AEM expects a valid CSRF token with every POST request.
Include the following client library in the template or component that renders the HTML form:
<cq:includeClientLib js="granite.csrf.standalone"/>
The script generates a CSRF token like the one below and sends it with the POST request.
CSRF-Token:
eyJleHAiOjE0ODUyNzQ2NDQsImlhdCI6MTQ4NTI3NDA0NH0.AOyz-sTX9Ohh5hfBwFF_Qx8_y6GU8kfdMwIeVZZa88I
To verify whether the POST is being blocked by the CSRF framework, temporarily remove the POST entry from the CSRFFilter configuration and retry the request:
http://localhost:4502/system/console/configMgr/com.adobe.granite.csrf.impl.CSRFFilter
Ref: https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html
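As an added example (not code from the original post or from Adobe's granite.csrf.standalone clientlib), the JavaScript below decodes the claims of a token like the one shown above, checks whether it has expired, and builds a POST that carries it in the CSRF-Token header, which is what the CSRFFilter looks for. It assumes the token is two dot-separated base64url parts with JSON claims in the first, as in the sample; the signature is only verifiable by the server and is not checked here.

```javascript
// Added example, not from the original post or Adobe's clientlib.
// Assumption: an AEM CSRF token is "<base64url JSON claims>.<signature>", with
// "exp"/"iat" as seconds since the epoch (as in the sample in the post).
// The clientlib obtains it from AEM's token servlet (/libs/granite/csrf/token.json)
// and sends it as the CSRF-Token request header on every POST.

// Sample token copied from the post (long expired, used only to illustrate parsing).
const SAMPLE_TOKEN =
  "eyJleHAiOjE0ODUyNzQ2NDQsImlhdCI6MTQ4NTI3NDA0NH0.AOyz-sTX9Ohh5hfBwFF_Qx8_y6GU8kfdMwIeVZZa88I";

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  return typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
}

// Returns the token's claims ({exp, iat, ...}) or null if it is not shaped like a CSRF token.
function parseCsrfToken(token) {
  const parts = (token || "").split(".");
  if (parts.length !== 2) return null;
  try {
    const claims = JSON.parse(base64UrlDecode(parts[0]));
    return typeof claims.exp === "number" && typeof claims.iat === "number" ? claims : null;
  } catch (e) {
    return null;
  }
}

// A token is unusable (and the POST will get a 403) if it cannot be parsed or "exp" has passed.
function isTokenUsable(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = parseCsrfToken(token);
  return claims !== null && claims.exp > nowSeconds;
}

// Builds fetch() options for a form POST that carries the token in the CSRF-Token header,
// mirroring what the clientlib does for requests it sends on the page's behalf.
function csrfPostOptions(token, formFields) {
  return {
    method: "POST",
    credentials: "same-origin",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      "CSRF-Token": token,
    },
    body: new URLSearchParams(formFields).toString(),
  };
}
```

If isTokenUsable() is false before the request goes out, the 403 is the expected CSRFFilter rejection, not a referrer or ACL problem.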