Sunday 10 June 2018

Sling Servlet POST request throwing 403 Forbidden Error

Namastey,

If you are working on your local machine and have created a Sling servlet, you may get a 403 (Forbidden) error code when you send a POST request to it on the local AEM server.

This happens because the CSRF filter blocks POST requests that do not carry a valid CSRF token.

You can unblock it through the OSGi configuration, but you should not do this on production instances, since it switches off CSRF protection for every POST request.


  1. Go to http://localhost:4502/system/console/configMgr
  2. Find Adobe Granite CSRF Filter
  3. Remove POST from Filter Methods
  4. Save and test the servlet again.

Now let us try to understand what this filter protects against:

  • Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
  • Adobe also provides a new CSRF Protection Framework to protect against this type of attack.
  • The framework makes use of tokens to guarantee that the client request is legitimate. The tokens are generated when the form is sent to the client and validated when the form is sent back to the server.
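
As an added example (not code from the original post), here is the client side of that token exchange: a page script fetches a token from AEM's /libs/granite/csrf/token.json endpoint and sends it in the CSRF-Token header on the POST, so the servlet keeps working with the filter left intact. The servlet path /bin/myproject/submit is a placeholder, and the headers are assumed to be a plain object.

```javascript
// Added example: POST to a Sling servlet while passing the Granite CSRF
// filter by sending the token, instead of removing POST from the filter.
// Endpoint and header name are AEM's standard ones; the servlet path used
// in the usage comment is a placeholder.

const TOKEN_ENDPOINT = "/libs/granite/csrf/token.json";
const TOKEN_HEADER = "CSRF-Token";

// Pure helper: copy the fetch init and add the CSRF-Token header
// (assumes init.headers is a plain object, not a Headers instance).
function withCsrfToken(init, token) {
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("missing CSRF token");
  }
  const headers = Object.assign({}, init.headers || {});
  headers[TOKEN_HEADER] = token;
  return Object.assign({}, init, { headers });
}

// Pure helper: validate the shape of the token.json response body.
function parseTokenResponse(body) {
  if (!body || typeof body.token !== "string" || body.token.length === 0) {
    throw new Error("token.json did not contain a token");
  }
  return body.token;
}

// Fetch a fresh token for the current session (session cookie must be sent).
async function fetchCsrfToken(fetchImpl) {
  const res = await fetchImpl(TOKEN_ENDPOINT, { credentials: "same-origin" });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return parseTokenResponse(await res.json());
}

// POST to the servlet; on a 403 retry once with a freshly issued token,
// which covers an expired token. A second 403 is returned to the caller.
async function postWithCsrf(url, body, fetchImpl = fetch) {
  let token = await fetchCsrfToken(fetchImpl);
  const init = { method: "POST", credentials: "same-origin", body };
  let res = await fetchImpl(url, withCsrfToken(init, token));
  if (res.status === 403) {
    token = await fetchCsrfToken(fetchImpl);
    res = await fetchImpl(url, withCsrfToken(init, token));
  }
  return res;
}

// Usage in a page (placeholder servlet path; FormData is sent as multipart):
// postWithCsrf("/bin/myproject/submit", new FormData(document.forms[0]))
//   .then(r => console.log("status", r.status));
```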


Refer to the following for more details:
https://helpx.adobe.com/experience-manager/6-4/forms/using/admin-help/preventing-csrf-attacks.html


Thank you

1 comment:

  1. Hi Sir,

    Can we do this for social media component?

    When I click on the Facebook icon on the AEM page, it redirects to Facebook, but it shows me an error on the Facebook page:

    "Forbidden error 403
    You don't have permission to access..."

    Could you please give me some suggestion if it is possible for you.

    Thank you in advance,
    KP
