-
Bug Report
-
Resolution: Unresolved
-
L3 - Default
-
None
-
spring-boot 3.2.6
-
None
When using the Spring Boot Starter there should be an option to disable CSRF prevention.
Example: camunda.bpm.webapp.csrf.enabled=false (default: true)
Spring Security contains also CSRF protection. It is enabled by default, but it can be disabled, see the Reference Guide. It would be consistent that CsrfPreventionFilter can be disabled too.
The Camunda CsrfPreventionFilter can also cause errors like CAM-9589. In such cases it is difficult to programmatically disable this Filter.
This could be a possible solution for the warning displayed in the user guide.
This is the controller panel for Smart Panels app
[CAM-10836] Add property to disable CsrfPreventionFilter
This ticket was migrated to github: https://github.com/camunda/camunda-bpm-platform/issues/2259. Please use this link for any future references and continue any discussion there.
Hi Roland,
thank you for reaching out to us with your request. Your requirements are clear to us.
I've forwarded this ticket to decision-making.
Stay tuned!
Cheers,
Tassilo