AEM Sparks: CSRF Framework ClientLib


Starting with Adobe Experience Manager 6.1, there’s a new Cross-Site Request Forgery framework baked into AEM; you may have noticed this when your POST requests started getting rejected. There’s a simple way to make sure your form includes the correct code so that it can obtain a CSRF token. Just use the following in your HTL somewhere inside the <form> tag:

If you have a better solution to this problem that you’d like to share, contact us at