AEM 6.1 ships with a mechanism that helps protect against Cross-Site Request Forgery attacks, called the CSRF Protection Framework. For more information on how to use it, consult the documentation.
To address known security issues with Cross-Site Request Forgery (CSRF) in CRX WebDAV and Apache Sling, you need to configure the Referrer filter.
The referrer filter service is an OSGi service that allows you to configure:
- which HTTP methods should be filtered
- whether an empty referrer header is allowed
- a white list of servers that are allowed in addition to the server host.
By default, all variations of localhost and the current host names the server is bound to are in the white list.
- In the Allow Hosts field, enter all hosts that are allowed as a referrer. Each entry needs to be of the form protocol://server:port, for example http://allowed.server:80 allows all requests from this server with the given port.
- If you also want to allow HTTPS requests, you have to enter a second line for the https form of the host.
- If you want to allow all ports from that server, use 0 as the port number.
- Edit the methods this filter should check using the Filter Methods field.
- Click Save to save your changes.
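The following Python model is an added illustration of how these settings interact; it is not Apache Sling's Referrer Filter implementation nor AEM code. The class and method names, the default localhost list and the server_host parameter are assumptions made here for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed approximation of the default white list ("all variations of
# localhost"); the host the server is bound to is passed in explicitly.
DEFAULT_ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
ENTRY_RE = re.compile(r"^(https?)://([^/:]+):(\d+)$")


class ReferrerFilterModel:
    """Hypothetical model of the Referrer filter rules; not Sling's code."""

    def __init__(self, allow_hosts, filter_methods=("POST", "PUT", "DELETE"),
                 allow_empty=False, server_host="aem.example.internal"):
        self.allowed = [self.parse_entry(e) for e in allow_hosts]
        self.methods = {m.upper() for m in filter_methods}
        self.allow_empty = allow_empty
        self.server_host = server_host.lower()

    @staticmethod
    def parse_entry(entry):
        # Entries must look like protocol://server:port; port 0 means any port.
        m = ENTRY_RE.match(entry.strip())
        if not m:
            raise ValueError(f"bad Allow Hosts entry: {entry!r}")
        scheme, host, port = m.groups()
        return scheme.lower(), host.lower(), int(port)

    def is_allowed(self, method, referrer):
        """Return True if the request passes the filter, False if rejected."""
        if method.upper() not in self.methods:
            return True  # only the configured Filter Methods are checked
        if not referrer:
            return self.allow_empty  # missing or empty Referer header
        parts = urlsplit(referrer)
        scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
        if scheme not in ("http", "https") or not host:
            return False
        try:
            port = parts.port or (443 if scheme == "https" else 80)
        except ValueError:
            return False  # unparsable port in the Referer header
        if host in DEFAULT_ALLOWED_HOSTS or host == self.server_host:
            return True  # default white list: localhost and the bound host
        # An http entry does not cover https, and port 0 matches any port.
        return any(s == scheme and h == host and p in (0, port)
                   for s, h, p in self.allowed)
```

Note that with only http://allowed.server:80 configured, a POST whose Referer is https://allowed.server is rejected, which is why the second line for HTTPS is needed.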