Re: [mgnl-user-list] Light Module Submitting Form

[Bartosz Staryga]

Hey Dimitri,

With 6.2.x comes quite a few secuirty impovements and few of them are CSRF related (6.2.1, 6.2.13, 6.2.14).

The one you can take a closer look at is: New CSRF filter implementation

You might need to add a filter bypass to your endpoint. You can check hwo to do it here in docs

Cheers,

Bartosz

Best regards,

Bartosz Staryga

Front-End Solution Architect, Headless Expert
bartosz...@magnolia-cms.com 

Magnolia 
Oslo-Strasse 2, 4142 Münchenstein (Basel), Switzerland
Office: +41 61 228 90 00 www.magnolia-cms.com 
 

On 20 Feb 2023 at 18:47:03, DimitriD <ddog...@gmail.com> wrote:

Hi,

I upgraded to Magnolia 6.2.28 from 5.4.8.  Everything worked, except one issue. One file in the light module has simple HTML POST form that submits to my custom Servlet that is configured in server/filters/servlets/FormServlet.   In 5.4.8 everything works fine and the code in my Servlet is executed.  In 6.2.28  when I do the same I see the following in the log:

2023-02-20 10:50:24,164 WARN  info.magnolia.cms.security.CsrfTokenFilterBase    : Possible CSRF Attack. CSRF token not set while user 'anonymous' attempted to access url '/ProcessForm'  and 403 forbidden returned to the browser. 

The code in my servlet is not executed.   According to documentation only ./magnoilia is subject to  CSRF filter and it is not part of my POST url.   How do I  submit POST form from light module in Magnolia 6.2.28.

Thanks,

Dimitri

--
You received this message because you are subscribed to the Google Groups "Magnolia User Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to user-list+...@magnolia-cms.com.
To view this discussion on the web, visit https://groups.google.com/a/magnolia-cms.com/d/msgid/user-list/606d05b6-c89f-4321-a1eb-922b2a028f5an%40magnolia-cms.com.