I am using ADF with APS.
During login I am getting a CSRF error.
ADF is using the REST API to communicate with APS, and it is using the public API.
As per this https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html it is saying that for the public API CSRF protection is not required.
One solution is that we can disable it in APS, but it may create some security issues.
Can anyone clarify this?
The Login component has disableCsrf, but it is not working.
I am using this login API as we have a custom login page. https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/
The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakably stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.