sirona-aem - CSRF

author Philipp Dallig <philipp.dallig@pixelpark.com>

Thu, 28 Jul 2016 14:40:32 +0000 (16:40 +0200)

committer Philipp Dallig <philipp.dallig@pixelpark.com>

Thu, 28 Jul 2016 14:40:32 +0000 (16:40 +0200)
author Philipp Dallig <philipp.dallig@pixelpark.com>
Thu, 28 Jul 2016 14:40:32 +0000 (16:40 +0200)
committer Philipp Dallig <philipp.dallig@pixelpark.com>
Thu, 28 Jul 2016 14:40:32 +0000 (16:40 +0200)
diff --git a/customer/sirona-aem/prod.yaml b/customer/sirona-aem/prod.yaml

index b556fac1a23e35aaa28e8b61f9e0528b64b9e3a3..0d438103457ea7e14502fdf0d36c49c62cf5a0f7 100644 (file)
--- a/customer/sirona-aem/prod.yaml
+++ b/customer/sirona-aem/prod.yaml
@@ -231,6 +231,8 @@ aem::dispatcher::publish_farm:
        - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
        - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
        - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json'  }
        # Deny content grabbing
        - { type: 'deny', url: '*.infinity.json' }
        - { type: 'deny', url: '*.tidy.json'     }
author	Philipp Dallig <philipp.dallig@pixelpark.com>
	Thu, 28 Jul 2016 14:40:32 +0000 (16:40 +0200)
committer	Philipp Dallig <philipp.dallig@pixelpark.com>
	Thu, 28 Jul 2016 14:40:32 +0000 (16:40 +0200)