Camunda BPM : CSRFPreventionFilter: Invalid HTTP Header Token

Question

I am starting with camunda BPM so I am using https://start.camunda.com/ to create camunda spring boot application. I have created admin user with dummy/dummy credentials I have kepy spring security options as off over there as start.

Starter settings at a glance :

When I start application I am getting following error whenever I use my creds :

Login Failed :
CSRFPreventionFilter: Invalid HTTP Header Token

I dont see any relevant settings in application.yml

Answer 1

Looks like there is a bug in given version of Camunda. So as to manually suppress CSRFFilter I added following configuration . After that it is working now.

package com.example.workflow;

import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CsrfAutoConfiguration {
    private static final String CSRF_PREVENTION_FILTER = "CsrfPreventionFilter";
    /**
     * Overwrite csrf filter from Camunda configured here
     * org.camunda.bpm.spring.boot.starter.webapp.CamundaBpmWebappInitializer
     * org.camunda.bpm.spring.boot.starter.webapp.filter.SpringBootCsrfPreventionFilter
     * Is configured with basically a 'no-op' filter
     */
    @Bean
    public ServletContextInitializer csrfOverwrite() {
        return servletContext -> servletContext.addFilter(CSRF_PREVENTION_FILTER, (request, response, chain) -> chain.doFilter(request, response));
    }
}

Courtesy: https://forum.camunda.org/t/how-to-disable-csrfpreventionfilter/13095/8