I’m using Camunda Spring Boot Starter 3.3.3 and also did see the post you reference (Issues after enabling CSRF Prevention Filter). I did try to change server.servlet.context-path to /camunda, issue remains. As the exception is thrown in org.camunda.bpm.webapp.plugin.resource.AbstractAppPluginRootResource#getAsset I assume the whole Spring Security / CSRF filtering succeeded. There would be no reason to access the resource (app/plugin.js) from disk if any of the security related filters did not succeed/approve the request?! I also “disabled” Spring Security by removing any configuration and only keep this one:
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/**")
.permitAll()
.and()
.csrf().disable()
;
// @formatter:on
}