403 on POST from webapps

Hello, I was able to successfully authenticate myself in Camunda webapps through Azure AD SSO. Now my last issue is that in any webapp, upon POST requests I see 403 Forbidden, even when I’m logged in as a user with admin rights.

I have already followed this thread and configured CSRF to be disabled or enabled with the CookieCsrfTokenRepository.withHttpOnlyFalse() option - it didn’t help. Disabling CORS didn’t help either.

Q: Has anyone witnessed such behaviour? Any ideas on how to solve those mysterious 403s on POST requests?

Hi @Michal_Stefaniuk,

The post below might be of help to you.

Hi @hassang , thanks for replying.

I’m using Camunda embedded in Spring Boot, so I’m really not configuring anything through XMLs. All of my HTTP requests between the webapps and the engine are within the same origin, so I guess CORS should not be a problem in my case. Nevertheless I’ve tried, and disabling/enabling it makes no difference in my case.

EDIT: As the problem is still there, could possibly playing around with Camunda & Spring Boot versions be a solution? I don’t really think so but I’ve been facing this issue for quite a while now and to be honest I’m running out of ideas.


I was able to resolve that issue.

So it seems like disabling CSRF or configuring it according to what was described in this post actually works.

It was my mistake that it didn’t work in the very beginning - I had disabled CSRF in the wrong configuration, one that had a lower order of execution in the Spring Boot filter chain. I applied it with higher priority and now it works like a charm. Shame that I had to spend a few days to spot such a miserable mistake :wink:

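The ordering mistake described in the post above, sketched as an added example (not code from the thread or from Camunda). It assumes Spring Security 6 style `SecurityFilterChain` beans and that the webapps are served under `/camunda/**`; the class and bean names are hypothetical.

```java
package example; // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class WebappSecurityConfig {

    // Spring Security hands each request to the FIRST chain whose matcher
    // accepts it; a lower @Order value means higher precedence.
    // Failing layout from the thread: the CSRF setting sat in a chain with
    // lower precedence, another chain matched the POST first, and that
    // chain's default CSRF check answered 403.

    @Bean
    @Order(1) // must come before any broader chain
    SecurityFilterChain webappChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/camunda/**") // assumed webapp path
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults())
            // The CSRF setting has to live in the chain that actually
            // serves the webapp requests, and only there.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }

    @Bean
    @Order(2) // catch-all for everything else, CSRF protection left on
    SecurityFilterChain defaultChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

Setting `logging.level.org.springframework.security=DEBUG` makes Spring Security log its filter activity per request, which helps confirm which chain handled a POST.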

Hi @Michal_Stefaniuk,

Thanks for sharing the solution that worked for you.

Hi @Michal_Stefaniuk,

my favorite theme for this: “Umwege erhöhen die Ortskenntnis” [“Detours improve your knowledge of the area”] (sorry for writing in German) :wink:

Cheers, Ingo
