Issues after enabling CSRF Prevention Filter

Hi @NNma,

We are aware of the problem of the CSRF Prevention Filter not working properly with the Camunda Spring Boot Starter. The reason is that the Spring Boot Starter Webapps use the “root” context path, which leads to browsers setting the wrong Cookie path for the XSRF-TOKEN Cookie. The fix for the problem has already been done, and will be available with the next release.

However, as a workaround/quick-fix, you can set the context path to something like “/camunda” in your application.properties file. The property is server.servlet.context-path.

I hope this helps.

Best,
Nikola

7 Likes
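The cookie-path effect described in the reply above can be reproduced with the browser rules from RFC 6265; this is an added example, not part of the original post and not Camunda code. It assumes the filter uses the servlet context path as the cookie's Path attribute (empty for the root context), and the request paths are constructed samples.

```javascript
// RFC 6265 section 5.1.4: default-path derived from the request URI path.
function defaultPath(uriPath) {
  if (!uriPath || uriPath[0] !== "/") return "/";
  const lastSlash = uriPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : uriPath.slice(0, lastSlash);
}

// RFC 6265 section 5.2.4: an empty or non-absolute Path attribute is
// replaced by the default-path of the request that received the cookie.
function storedCookiePath(pathAttribute, requestPath) {
  if (!pathAttribute || pathAttribute[0] !== "/") {
    return defaultPath(requestPath);
  }
  return pathAttribute;
}

// RFC 6265 section 5.1.4: path-match between a request and a stored cookie.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Assumption: the server sends Path=<contextPath> with the XSRF-TOKEN cookie.
// Returns true if a cookie set on `setOnPath` is sent back on `laterPath`.
function cookieSent(contextPath, setOnPath, laterPath) {
  const stored = storedCookiePath(contextPath, contextPath + setOnPath);
  return pathMatches(contextPath + laterPath, stored);
}

// Constructed sample paths (hypothetical, for illustration only).
const pageLoad = "/app/tasklist/default/";
const apiCall = "/api/engine/engine/default/task";

// Root context: Path is empty, so the cookie is scoped to the page's directory.
console.log("root context:", cookieSent("", pageLoad, apiCall));
// With server.servlet.context-path=/camunda the cookie covers the whole app.
console.log("/camunda context:", cookieSent("/camunda", pageLoad, apiCall));
```

With the root context the token cookie is stored under the directory of the first request, so later requests elsewhere in the application do not carry it and fail the CSRF check.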