Pages

Tuesday, July 22, 2014

CQ5/AEM Gotchya - When trying to fake a post request, you get the following error in the logs:

The Problem

POST /my/post/url HTTP/1.1] org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /my/post/url

The Solution

The problem here is that you are not correctly spoofing the Referer address. To avoid this problem when testing, you can disable Referer filter checking by going to localhost:/4502/system/console/components, go to Apache Sling Referrer Filter, and check the "Allow Empty" checkbox.

This will disable the referrer security check in CQ5 for your developer instance.

NOTE: DO NOT DO THIS FOR PUBLICLY ACCESSIBLE CQ5/AEM INSTANCES AS IT POSES A SECURITY RISK

No comments:

Post a Comment