Let us see how to fix a 403 error when accessing AEM 6.3 Author via a public IP during an AEM upgrade.
When does this AEM upgrade issue occur?
When the Author instance was configured to be accessed via a public IP, it started invalidating the session of the logged-in user. The session log-out happened specifically when the author tried to create a new page using the site admin. Below is an error that used to pop up when trying to create a new page.
Troubleshooting this AEM Upgrade Issue
Dispatcher debug logs showed a call to /bin/wcmcommand that returned a 403 response. In the ideal case, the response status code should be 200.
[Mon Jan 20 03:04:16 2017] [D] [pid 9566 (tid 139932547352320)] Request body sent to remote server
[Mon Jan 20 03:04:16 2017] [D] [pid 9566 (tid 139932547352320)] response.status = 403
[Mon Jan 20 03:04:16 2017] [D] [pid 9566 (tid 139932547352320)] response.headers[Content-Type] = "text/html; charset=UTF-8"
[Mon Jan 20 03:04:16 2017] [D] [pid 9566 (tid 139932547352320)] No socket reuse: neither GET nor HEAD
[Mon Jan 20 03:04:16 2017] [I] [pid 9566 (tid 139932547352320)] "POST /bin/wcmcommand" 403 354 14ms [website/rend01]
How to resolve this?
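On further analysis, it turned out that the CSRF-Token header was missing from the client headers in the dispatcher configuration. Dispatcher only passes the request headers listed in /clientheaders through to the render instance, so the token sent by the browser never reached the Author. Adding the header as shown below fixed the issue.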
/authorfarm {
  # client headers which should be passed through to the render instances
  # (feature supported since dispatcher build 2.6.3.5222)
  /clientheaders {
    ....
    "CSRF-Token"
  }
}
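One way to check a dispatcher configuration for this gap, written here as an added example (not code from the original post or from Adobe): it lists the sections whose /clientheaders block omits CSRF-Token and pulls rejected POSTs out of dispatcher log lines. The sample config and log are constructed, /publishfarm is a made-up name, and treating "*" as forward-everything and header names as case-insensitive are assumptions.

```python
import re

# Constructed samples (not from the original post); /publishfarm is a made-up name.
SAMPLE_CONFIG = '''
/farms {
  /authorfarm {
    /clientheaders {
      "Cookie"
      "Referer"
      # "CSRF-Token"   <- commented out, so dispatcher drops the header
    }
    /filter { /0001 { /type "allow" /glob "*" } }
  }
  /publishfarm { /clientheaders { "Cookie" "csrf-token" } }
}
'''
SAMPLE_LOG = '''\
[Mon Jan 20 03:04:16 2017] [I] [pid 1 (tid 1)] "POST /bin/wcmcommand" 403 354 14ms [website/rend01]
[Mon Jan 20 03:04:17 2017] [I] [pid 1 (tid 1)] "GET /content/a.html" 200 812 9ms [website/rend01]
'''

# Quoted strings and "#" comments come first so braces or slashes inside them are ignored.
TOKEN = re.compile(r'"[^"\n]*"|#[^\n]*|/[\w.-]+|[{}]')

def forwarded_headers(config):
    """Map each section that owns a /clientheaders block to its lower-cased headers."""
    stack, pending, found = [""], "", {}   # "" is a sentinel for the top level
    for tok in TOKEN.findall(config):
        if tok == "{":
            if pending == "/clientheaders":
                found.setdefault(stack[-1], set())  # register even if the block is empty
            stack.append(pending)
            pending = ""
        elif tok == "}" and len(stack) > 1:
            stack.pop()
        elif tok.startswith("/"):
            pending = tok  # a key; it names a section only if "{" follows
        elif tok.startswith('"') and stack[-1] == "/clientheaders":
            found[stack[-2]].add(tok.strip('"').lower())
    return found

def sections_dropping_csrf_token(config):
    """Sections whose allowlist has neither CSRF-Token nor "*" (assumed: "*" = all)."""
    return sorted(name for name, hdrs in forwarded_headers(config).items()
                  if not hdrs & {"csrf-token", "*"})

def rejected_posts(log):
    """Paths of POST requests answered with 403 in dispatcher log lines."""
    return re.findall(r'"POST ([^"\s]+)" 403 ', log)
```

On the constructed samples, sections_dropping_csrf_token(SAMPLE_CONFIG) reports /authorfarm and rejected_posts(SAMPLE_LOG) reports /bin/wcmcommand, which is the pairing of cause and symptom described above.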
Further References
- https://stackoverflow.com/questions/32866547/why-am-i-signed-out-of-aem-6-while-dragging-and-dropping-component-on-a-page
- https://helpx.adobe.com/experience-manager/dispatcher/using/security-checklist.html#ConfigureDispatchertopreventCSRFAttacks