What’s Happening?
Firstly, in a typical development approach, you will be working on your author developers instance. Your Rest Client is making a POST request on the author instance, http://localhost:4502. You will get an authentication error.
Secondly, your POST request is being filtered and restricted by the “Apache Sling Referrer Filter” and “Adobe Granite CSRF Filter”. By default, the Apache Sling Referrer Filter blocks any incoming POST requests, and the Adobe Granite CSRF Filter blocks any incoming POST requests without the CSRF-Token token in the header.
Firstly, in a typical development approach, you will be working on your author developers instance. Your Rest Client is making a POST request on the author instance, http://localhost:4502. You will get an authentication error.
Secondly, your POST request is being filtered and restricted by the “Apache Sling Referrer Filter” and “Adobe Granite CSRF Filter”. By default, the Apache Sling Referrer Filter blocks any incoming POST requests, and the Adobe Granite CSRF Filter blocks any incoming POST requests without the CSRF-Token token in the header.
How to solve this?
We can solve this issue by including basic auth type in Postman, then allowing incoming POST requests in the Apache Sling Referrer Filter OSGI configurations, and remove the requirement of the CSRF-Token in the Adobe Granite CSRF Filter OSGI configurations.
Resource – Simple Servlet:
We can solve this issue by including basic auth type in Postman, then allowing incoming POST requests in the Apache Sling Referrer Filter OSGI configurations, and remove the requirement of the CSRF-Token in the Adobe Granite CSRF Filter OSGI configurations.
Resource – Simple Servlet:
Step 1: Configure Basic Auth in Postman
Launch Postman, then navigate to the Authentication tab. Ensure type is set to “Basic Auth”, and username and password are set to “admin”; this is the default username and password for the administrator user while developing on the author instance.
Launch Postman, then navigate to the Authentication tab. Ensure type is set to “Basic Auth”, and username and password are set to “admin”; this is the default username and password for the administrator user while developing on the author instance.
Step 2: Configure Apache Sling Referrer Filter
- Enable allow empty
- Remove the POST method from filters
Step 3: Configure Adobe Granite CSRF Filter
Note:
- Remove the POST method from filters
Note:
- After making configurations to the two OSGI configurations, you should be able to make a POST request from your HTTP REST Client to your AEM instance.
- For production, set Apache Sling Referrer Filter and Adobe Granite CSRF Filter settings back to default. Unless if you are giving access to other servers to make POST requests to your AEM application.
No comments:
Post a Comment
If you have any doubts or questions, please let us know.