cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Is there any change in CSRF token structure or flow from Hybris 6.0 to Hybris 6.6?

Former Member

on ‎2018 Jun 18 4:13 PM

0 Kudos
1,222

I recently upgraded from Hybris 6.0 to Hybris 6.6. I am trying to POST a request from storefront, but its throwing error as 405 in server. The tomcat access log has the entry but in error as "405: Method not allowed". I assume it is a CSRF token issue but I am unable to fix it anyhow. I am sending the CSRFToken along with the POST request, but somehow its not working.

Can anyone help on this?

Thanks

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎2018 Jun 19 7:22 PM
0 Kudos

Hi, There is a significant change in Hybris 6.6 for "security:csrf disabled="true"", and they have removed the CSRFHandlerInterceptor as well. Try checking the existing yacceleratorstorefront, spring-security-config.xml , below is the code snippet.

security:csrf token-repository-ref="csrfTokenRepository" request-matcher-ref="csrfProtectionMatcher".

After adding it, I'm not getting 405 error on Post form submission, but I'm still getting a 404 in response. If you are able to resolve, pls do share your findings.

Many Thanks!

Show replies
Show replies
ishan_sap
Associate
Associate
‎2018 Jul 10 5:56 PM
0 Kudos

Did it work for you?

Ask a Question