Type: Bug Report
Priority: L3 - Default
Affects Version/s: spring-boot 2.3.0, spring-boot 3.0.0, spring-boot 3.1.0, spring-boot 3.2.0, spring-boot 3.3.0
The following dependencies are used:
- camunda-bpm-spring-boot-starter-webapp OR camunda-bpm-spring-boot-starter-webapp-ee
A modifying HTTP Request (POST/PUT/DELETE) is sent through the Rest API.
An Internal Server Error is reported (500), with message: Cannot create a session after the response has been committed.
The Rest API can be used together with the Webapps in the Spring Boot Starter.
The reason for the bug is that all resources in the starter are put on the root context path. This creates an overlap for the url patterns of the Webapps and Rest API, causing CSRF validation of Rest requests.