From b41f77c38786b857d66770921cb8d85f5234ca40 Mon Sep 17 00:00:00 2001
From: Philipp Dallig
Date: Thu, 28 Jul 2016 16:40:32 +0200
Subject: [PATCH] sirona-aem - CSRF

---
 customer/sirona-aem/prod.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/customer/sirona-aem/prod.yaml b/customer/sirona-aem/prod.yaml
index b556fac1..0d438103 100644
--- a/customer/sirona-aem/prod.yaml
+++ b/customer/sirona-aem/prod.yaml
@@ -231,6 +231,8 @@ aem::dispatcher::publish_farm:
 - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information)
 - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached)
 - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization)
+ # CSRF
+ - { type: 'allow', url: '/libs/granite/csrf/token.json' }
 # Deny content grabbing
 - { type: 'deny', url: '*.infinity.json' }
 - { type: 'deny', url: '*.tidy.json' }
--
2.39.5
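Review bot: The new allow rule for `/libs/granite/csrf/token.json` carries no caching caveat, unlike the `currentuser.json` rule two lines above it, which is marked `# (data must not be cached)`. The token response is per-user data, so if the dispatcher caches it, visitors would be handed a token issued to someone else and CSRF validation on their POSTs would fail or lose its value. I would make the comment say so, e.g. `# CSRF token (per-user data, must not be cached)`. Please also confirm that this farm's cache rules exclude the URL and that the `CSRF-Token` request header is forwarded to the publish instance; neither is visible here, because the `aem::dispatcher::publish_farm` block starts and continues outside the hunk.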