12-01-2020 05:52 AM
I am using ADF with APS.
During Login I am getting CSRF Error.
ADF is using Rest API to communicate with APS and it is using Public API.
As Per this https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html is is saying that for Public API CSRF Protection is not required.
One solution is we can disable in APS but it may create some security issue.
Can any one clarify on this?
Login component having disableCsrf but not working.
I am using this login api as we have custom login page. https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/
12-01-2020 06:40 AM
The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.
12-01-2020 06:40 AM
The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.
Explore our Alfresco products with the links below. Use labels to filter content by product module.