From: Philipp Dallig
Date: Thu, 28 Jul 2016 14:40:32 +0000 (+0200)
Subject: sirona-aem - CSRF
X-Git-Tag: v0.1.0~4415
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=b41f77c38786b857d66770921cb8d85f5234ca40;p=pixelpark%2Fhiera.git
sirona-aem - CSRF
---
diff --git a/customer/sirona-aem/prod.yaml b/customer/sirona-aem/prod.yaml
index b556fac1..0d438103 100644
--- a/customer/sirona-aem/prod.yaml
+++ b/customer/sirona-aem/prod.yaml
@@ -231,6 +231,8 @@ aem::dispatcher::publish_farm:
 - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information)
 - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached)
 - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization)
+ # CSRF
+ - { type: 'allow', url: '/libs/granite/csrf/token.json' }
 # Deny content grabbing
 - { type: 'deny', url: '*.infinity.json' }
 - { type: 'deny', url: '*.tidy.json' }
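Review bot: The new allow entry for `/libs/granite/csrf/token.json` says nothing about caching, while the `currentuser.json` entry two lines above it is explicitly marked "(data must not be cached)". A CSRF token is presumably issued per user session, so a copy stored in the dispatcher cache and served to other visitors would defeat the protection or break form submissions. I would write the entry as `- { type: 'allow', url: '/libs/granite/csrf/token.json' } # (CSRF token, per session - data must not be cached)` and confirm that the farm's cache rules exclude this path. The `publish_farm` filter list starts and continues outside the hunk, so the cache rules and whether the `CSRF-Token` request header is forwarded to publish cannot be checked from here.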