Sunday, 10 June 2018

Sling Servlet POST request throwing 403 Forbidden Error

Namastey,

If you are working on your local machine and have created a sling servlet to make post request to local AEM Server , you may be getting 403 Error Code : Forbidden

This issue is due to CSRF Filter blocking POST Requests.

You can unblock this via OSGi Configuration. You shouldn't be doing it on production instances.


  1. Go to http://localhost:4502/system/console/configMgr
  2. Find Adobe Granite CSRF Filter 
  3. Remove POST from Filter Methods
  4. Save and Test the servlet again.









Now let us try to understand 

  • Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
  • Adobe also provides a new CSRF Protection Framework to protect against this type of attack.
  • The framework makes use of tokens to guarantee that the client request is legitimate. The tokens are generated when the form is sent to the client and validated when the form is sent back to the server.


Refer following for more details 
https://helpx.adobe.com/experience-manager/6-4/forms/using/admin-help/preventing-csrf-attacks.html


Dhanywaad

Basic Sling Model Exporter

/* Open a page which is having component /apps/project/components/page/page /content/project/en/jcr:content.model.json Don't miss...