
ADF CSRF- Error

sanjaybandhaniya
Elite Collaborator

I am using ADF with APS.

During Login I am getting CSRF Error.

ADF is using the REST API to communicate with APS, and it is using the public API.

According to https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html, CSRF protection is not required for the public API.

One solution is to disable it in APS, but that may create some security issue.

Can anyone clarify this?

The Login component has disableCsrf, but it is not working.

I am using this login API as we have a custom login page: https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/

@afaust  @angelborroy 

1 ACCEPTED ANSWER

afaust
Legendary Innovator

The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF" box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakably stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.
