AEM “referrer not allowed”
Out of the box, AEM denies HTTP requests from all server names or hosts to the running AEM publish/author instance. When an HTTP request is made to AEM publish/author, AEM checks the request's Referer header against the referrer configuration. If the configuration allows the host(s), AEM fulfills the request; if not, the AEM “referrer not allowed” error message is shown.
Read More: https://en.wikipedia.org/wiki/HTTP_referer
In the OSGi configurations in AEM (http://localhost:4502/system/console/configMgr), use the browser's find function (CTRL + F) to locate “Apache Sling Referrer Filter”. Click on the configuration, and let’s break it down to see which fields control what.
Breaking things down
- Allow Empty (Boolean): only enable this if you are testing (using a REST client). Enabling this accepts requests whose Referer header is empty or missing, which allows any host to make requests to your AEM application (remember to turn this off in your production environment).
- Allow Hosts (String): allows specific hosts to make requests to your AEM instance; use plain strings only.
- Allow Regexp Host (String): allows specific hosts to make requests to your AEM instance; use regex only.
- Filter Methods (String): defines which HTTP method(s) will be checked with the values in the allowed hosts before accepting incoming HTTP requests.
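The decision these four fields describe can be tried out as a simplified Python model, added here as an example; it is not Sling's or this blog's code. The field names, the sample hosts, the assumed Filter Methods value and the whole-host regex match are assumptions of the model.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class ReferrerFilterConfig:  # fields mirror the four form labels above
    allow_empty: bool = False
    allow_hosts: list = field(default_factory=list)
    allow_regexp_hosts: list = field(default_factory=list)
    filter_methods: list = field(  # assumed value for this example
        default_factory=lambda: ["POST", "PUT", "DELETE"])

def is_allowed(cfg: ReferrerFilterConfig, method: str, referer) -> bool:
    """Return True if the modelled filter would let the request through."""
    # Methods not listed in Filter Methods are not checked at all.
    if method.upper() not in {m.upper() for m in cfg.filter_methods}:
        return True
    # Empty or missing Referer header: only Allow Empty decides.
    if referer is None or not referer.strip():
        return cfg.allow_empty
    try:
        host = urlsplit(referer.strip()).hostname  # lower-cased by urlsplit
    except ValueError:  # malformed header value
        return False
    if host is None:  # not an absolute URL, so there is no host to compare
        return False
    if host in {h.lower() for h in cfg.allow_hosts}:
        return True
    # Assumption of this model: a pattern must match the whole host name.
    return any(re.fullmatch(p, host, re.IGNORECASE) for p in cfg.allow_regexp_hosts)

# Constructed sample data: two configurations and five requests.
PROD = ReferrerFilterConfig(allow_hosts=["www.example.com"],
                            allow_regexp_hosts=[r"[a-z0-9-]+\.example\.com"])
TESTING = ReferrerFilterConfig(allow_empty=True)
SAMPLES = [  # (HTTP method, Referer header or None when absent)
    ("POST", "https://www.example.com/content/form.html"),
    ("POST", "https://author.example.com/editor.html"),
    ("POST", "https://www.example.com.other-site.test/"),
    ("POST", None),
    ("GET", None),
]

def evaluate(cfg: ReferrerFilterConfig) -> list:
    return [is_allowed(cfg, m, r) for m, r in SAMPLES]

if __name__ == "__main__":
    for name, cfg in (("PROD", PROD), ("TESTING", TESTING)):
        print(name, evaluate(cfg))
```

With the testing configuration, the POST without a Referer header passes while every POST that names a host is rejected, which is why a REST client works only once Allow Empty is on.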
If you learn by doing, you can follow the “How to make a simple HTTP post request in AEM” tutorial blog, which puts the AEM Apache Sling Referrer Filter OSGi configuration into practice. https://sourcedcode.com/how-to-make-simple-http-post-methods-in-aem-with-a-http-rest-client.