Hyland Connect

sanjaybandhaniya · ‎12-01-2020

I am using ADF with APS.

During Login I am getting CSRF Error.

ADF is using Rest API to communicate with APS and it is using Public API.

As Per this https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html is is saying that for Public API CSRF Protection is not required.

One solution is we can disable in APS but it may create some security issue.

Can any one clarify on this?

Login component having disableCsrf but not working.

I am using this login api as we have custom login page. https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/

@afaust @angelborroy

afaust · ‎12-01-2020

The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.

View answer in original post

afaust · ‎12-01-2020

The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.

Hyland Connect

ADF CSRF- Error