AEM CSRF Issue / Forbidden POST Call in AEM

AEM providing CSRF Protection from 6.0 version onwards. if you are using granite. jQuery dependency it will automatically provide CSRF protection framework.

if you are not using cq provided jQuery you must add granite.csrf.standalone as a dependency.

if you don't want to use the above client libs as a dependency. you can pass 'CSRF-Token' as header property for async XHR request. Call to '/libs/granite/csrf/token.json' will give 'CSRF-Token' value.