Add property to disable CsrfPreventionFilter

XMLWordPrintable

    • Type: Bug Report
    • Resolution: Unresolved
    • Priority: L3 - Default
    • None
    • Affects Version/s: spring-boot 3.2.6
    • Component/s: spring-boot
    • None

      When using the Spring Boot Starter there should be an option to disable CSRF prevention.
      Example: camunda.bpm.webapp.csrf.enabled=false (default: true)

      Spring Security contains also CSRF protection. It is enabled by default, but it can be disabled, see the Reference Guide. It would be consistent that CsrfPreventionFilter can be disabled too.

      The Camunda CsrfPreventionFilter can also cause errors like CAM-9589. In such cases it is difficult to programmatically disable this Filter.

      This could be a possible solution for the warning displayed in the user guide.

            Assignee:
            Thorben Lindhauer
            Reporter:
            Roland Weisleder
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: