1

My application has a search functionality which uses a query param fullText for the search term. But on my QA server, any query parameters are being removed and a CSRF token is being added.

For example, on the homepage, if I search for 'tax', the URL should be:

https://www.qaserver.com/en/search.html?fullText=tax

Instead, it changes to the URL below and remains on the 'same' page it is on.

https://www.qaserver.com/en/home.html?%3Acq_csrf_token=eyJleHAiOjE1MDAyNDk5NzgsImlhdCI6MTUwMDI0OTM3OH0.EXoQy8xeVh3j9kdFdnenLGLl2sFEh_boi_jFareO1is

Is there any AEM/dispatcher config missing or incorrect?

The dispatcher or AEM logs don't show who is appending this param or why. The same thing happens with the direct IP of the publish server as well.

marc_s
Riju Mahna

1 Answer

0

Include <cq:includeClientLib categories="granite.csrf.standalone"/> on the page from which you are making the POST AJAX call or form submit. This should resolve the issue.

Or the other option is to exclude the particular servlet path from the CSRF Filter configuration (which is not recommended).
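
A diagnostic for the symptom in the question, added here as an example (not code from the question or the answer): it checks a URL for the `:cq_csrf_token` parameter, decodes the token's first segment, and lists the expected parameters that did not survive. The function names `inspectCsrfUrl` and `b64urlDecode` are hypothetical; the sample URL is the one quoted in the question.

```javascript
// Added example: triage a URL that carries AEM's ":cq_csrf_token" parameter.
// SAMPLE_URL is the rewritten URL quoted in the question.
const SAMPLE_URL =
  "https://www.qaserver.com/en/home.html?%3Acq_csrf_token=" +
  "eyJleHAiOjE1MDAyNDk5NzgsImlhdCI6MTUwMDI0OTM3OH0." +
  "EXoQy8xeVh3j9kdFdnenLGLl2sFEh_boi_jFareO1is";

const CSRF_PARAM = ":cq_csrf_token";

// Decode one base64url segment to a UTF-8 string.
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

// Inspect a URL: is the CSRF token in the query string, what do its claims
// say, and did the parameters the application expects survive?
function inspectCsrfUrl(rawUrl, expectedParams = []) {
  const url = new URL(rawUrl);
  const token = url.searchParams.get(CSRF_PARAM); // "%3A" is decoded to ":"
  const report = {
    path: url.pathname,
    tokenInQuery: token !== null,
    missingParams: expectedParams.filter((p) => !url.searchParams.has(p)),
    claims: null,
    lifetimeSeconds: null,
  };
  if (token === null) return report;

  // The token on this page has two dot-separated segments; the first is JSON.
  const [payload] = token.split(".");
  try {
    report.claims = JSON.parse(b64urlDecode(payload));
  } catch {
    return report; // not the expected format: leave claims as null
  }
  const { exp, iat } = report.claims;
  if (Number.isInteger(exp) && Number.isInteger(iat)) {
    report.lifetimeSeconds = exp - iat; // validity window in seconds
  }
  return report;
}

console.log(inspectCsrfUrl(SAMPLE_URL, ["fullText"]));
```

For the URL in the question, the report shows the token in the query string of `/en/home.html`, `fullText` missing, and claims of `exp` and `iat` that are 600 seconds apart.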