aem 403 Sling Post servlet

http://stackoverflow.com/questions/36564387/403-sling-post-servlet


403 Sling Post servlet
Sumanta Pakira
I'm following this blog post, but I'm getting a 403 error in AEM 6.1. I do not want to change the 'Apache Sling Referrer Filter'. I think this error is coming because of the CSRF token, which I can get by calling /libs/granite/csrf/token.json.
But how can I add this CSRF token in this form header? Or is there any other way to make it work?

Reply 1
You can add the CSRF token with the standalone tag:
<cq:includeClientLib categories="granite.csrf.standalone" />
You can add this on every page where you use a form, or maybe you have a master page which inherits to every page.
The CSRF token is a hidden field, before the form is sent. It looks like:
<input type="hidden" name=":cq_csrf_token" value="4a6sd4f6as4df6as.a5s4df6a4sdf674asd96f"></input>
Reply 2
As your page is outside AEM, one way to handle this globally would be to include the granite csrf JS in your application and modify it to point to your AEM token.json URL. This script takes care of form posts and AJAX calls at a global level.
Secondly, this script does some checks related to server URL hosts and context paths. So you will have to disable those as well. It's a fairly simple JS to modify. I know this is not an ethical approach but using AEM in this manner is also not a normal use case :)
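
Added example, not part of the original thread or of AEM's own client library: a small client that requests a token from the token.json path named in the question and attaches it to a POST, both as the :cq_csrf_token field shown in Reply 1 and as a CSRF-Token request header. Assumptions: the endpoint answers with JSON of the form {"token": "..."}, and the names aemOrigin and fetchImpl are hypothetical.

```javascript
// Added example. Assumed response shape: {"token": "<value>"}.
const TOKEN_PATH = "/libs/granite/csrf/token.json"; // path from the question
const FIELD_NAME = ":cq_csrf_token";                // hidden field from Reply 1
const HEADER_NAME = "CSRF-Token";                   // header used for XHR posts

// Request a token for the current AEM session. fetchImpl is injectable so
// the function can be exercised without a live server.
async function fetchCsrfToken(aemOrigin, fetchImpl = fetch) {
  const res = await fetchImpl(new URL(TOKEN_PATH, aemOrigin), {
    credentials: "include", // send the AEM session cookie with the request
    headers: { Accept: "application/json" },
  });
  if (!res.ok) {
    throw new Error(`token endpoint returned ${res.status}`);
  }
  const body = await res.json();
  // Fail closed: never post with an empty or missing token.
  if (typeof body.token !== "string" || body.token === "") {
    throw new Error("no CSRF token in response");
  }
  return body.token;
}

// Build the POST request. A token is requested per submission instead of
// being cached, so an expired value is not replayed.
async function buildProtectedPost(aemOrigin, path, fields, fetchImpl = fetch) {
  const token = await fetchCsrfToken(aemOrigin, fetchImpl);
  const body = new URLSearchParams(fields);
  body.set(FIELD_NAME, token); // what the hidden input would carry
  return {
    url: new URL(path, aemOrigin).href,
    init: {
      method: "POST",
      credentials: "include",
      headers: { [HEADER_NAME]: token },
      body,
    },
  };
}
```

For a page served from another origin, the browser only sends the session cookie and exposes the token response when AEM's CORS configuration allows that origin with credentials.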