5 Replies Latest reply on Dec 8, 2017 5:16 AM by smacdonald2008

    csrf token publish vs dispatcher (login vs logout) and POST ajax requests

    sreenu539 Level 1

      csrf token is available when logged into publish environment.

      csrf token is not avilable when logged out of aem publish environment

       

      csrf token is not available all the time on dispatcher environment whether you logged into publish or not.

       

       

      Dispatcher:

      Application is accessed using dispatcher url:

       

      POST ajax requests are failing when token is not available on IE (promis.reject), in chrome it is silently going into promise resolve method of csrf.js even though token is not available.

       

      Am I missing anything here?

       

      Application does not depend on client library granite.jquery or cq.jquery but it seems by default AEM 6.3 has this feature enabled and for all ajax requests csrf.js file code gets executed.

       

      I appreciate any help.

       

      Thanks,

      Sreeni