ADF CSRF- Error

cancel
Showing results for 
Search instead for 
Did you mean: 
sanjaybandhniya
Intermediate

ADF CSRF- Error

Jump to solution

I am using ADF with APS.

During Login I am getting CSRF Error.

ADF is using Rest API to communicate with APS and it is using Public API.

As Per this https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html is is saying that for Public API CSRF Protection is not required.

 

One solution is we can disable in APS but it may create some security issue.

Can any one clarify on this?

Login component having disableCsrf but not working.

I am using this login api as we have custom login page. https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/

@afaust  @angelborroy 

1 Solution

Accepted Solutions
afaust
Master

Re: ADF CSRF- Error

Jump to solution

The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.

View solution in original post

1 Reply
afaust
Master

Re: ADF CSRF- Error

Jump to solution

The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.