Hello, community!
I tried to add CSRF prevention to my Spring Boot app with the Camunda Spring Boot starter.
Camunda version: 7.10.6-ee
Camunda Spring Boot starter version: 3.1.3
I have added a filter, based on this documentation:
```java
@Bean
public FilterRegistrationBean<CsrfPreventionFilter> csrfPreventionFilterFilterRegistrationBean() {
    CsrfPreventionFilter csrfPreventionFilter = new CsrfPreventionFilter();
    csrfPreventionFilter.setEntryPoints(
        "/api/engine/engine/default/history/task/count, /api/engine/engine/default/history/variable/count"
    );
    csrfPreventionFilter.setRandomClass("java.security.SecureRandom");
    csrfPreventionFilter.setDenyStatus(404);
    final FilterRegistrationBean<CsrfPreventionFilter> filterRegistrationBean = new FilterRegistrationBean<>();
    filterRegistrationBean.setFilter(csrfPreventionFilter);
    filterRegistrationBean.addUrlPatterns("/*");
    return filterRegistrationBean;
}
```
And I have updated application.yaml, based on the same document.
```yaml
camunda:
  bpm:
    webapp:
      csrf:
        enable-secure-cookie: true
        enable-same-site-cookie: true
```
Nevertheless, it didn’t help me at all.
I read the topic related to it: "Issue with CSRF Prevention filter of camunda-bpm-wildfly-7.10.0"
And as I understood, in my version of the Camunda Spring Boot starter this issue has been resolved.
Any ideas?