We are currently having an issue where some ajax requests to async Controller actions are hanging when an exception is thrown inside the action.
When viewed through the currently executing requests you can see the following information
<REQUEST REQUEST.NAME="c500100080026ded" Url="/url" Verb="GET" Stage="SendResponse" Module="SitecoreAntiCSRF" Time="1602531" SITE.ID="2" WP.NAME="14268" APPPOOL.NAME="AppPool" />
Is the module needed on Content Delivery servers? Can I completely remove it? What would be the implications if I do so?
The version of sitecore: 8 Update-5
The module is designed to protect WebForms from CSRF attacks. By default, it is configured to protect Sitecore interfaces (Sitecore shell) only. However, it supports configuration and can be enabled to protect frontend solutions.
Since Sitecore shell site is disabled on Content Delivery servers the module can safely be disabled or completely removed without any implications. If you have Sitecore backend enabled on Content Delivery servers the module can be configured to skip processing requests to some specific locations. Just add a node to Sitecore.AntiCsrf.config file and specify url to filter.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With