Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-10836

Add property to disable CsrfPreventionFilter

    XMLWordPrintable

    Details

    • Type: Bug Report
    • Status: Open
    • Priority: L3 - Default
    • Resolution: Unresolved
    • Affects Version/s: spring-boot 3.2.6
    • Fix Version/s: None
    • Component/s: spring-boot
    • Labels:
      None

      Description

      When using the Spring Boot Starter there should be an option to disable CSRF prevention.
      Example: camunda.bpm.webapp.csrf.enabled=false (default: true)

      Spring Security contains also CSRF protection. It is enabled by default, but it can be disabled, see the Reference Guide. It would be consistent that CsrfPreventionFilter can be disabled too.

      The Camunda CsrfPreventionFilter can also cause errors like CAM-9589. In such cases it is difficult to programmatically disable this Filter.

      This could be a possible solution for the warning displayed in the user guide.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              thorben.lindhauer Thorben Lindhauer
              Reporter:
              rweisleder Roland Weisleder
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: